diff --git a/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff b/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff index 233f4c3f4..2d43a2c27 100644 --- a/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff +++ b/tests/macOS/2023.3CX/libffmpeg.change_decrease.mdiff @@ -5,10 +5,10 @@ | RISK | KEY | DESCRIPTION | EVIDENCE | |:--|:--|:--|:--| | -CRITICAL | [3P/sekoia/downloader_smooth_operator](https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/yara_rules/downloader_mac_smooth_operator.yar#L1-L16) | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) | -| -CRITICAL | [3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275) | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$sa1`
`$sa2`
`$op1`
`$op2` | -| -CRITICAL | [3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214) | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | -| -CRITICAL | [3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xor_hunting.yar#L2-L25) | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xof1`
`$fpa1`
`$fpa2`
`$fpb1`
`$xo1` | -| -CRITICAL | [3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50) | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | +| -CRITICAL | [3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275) | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$sa1`
`$sa2`
`$op1`
`$op2` | +| -CRITICAL | [3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214) | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | +| -CRITICAL | [3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xor_hunting.yar#L2-L25) | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xof1`
`$fpa1`
`$fpa2`
`$fpb1`
`$xo1` | +| -CRITICAL | [3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50) | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | | -CRITICAL | [anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla) | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) | | -CRITICAL | [impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl) | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[flock](https://github.com/search?q=flock&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[popen](https://github.com/search?q=popen&type=code)
[rand](https://github.com/search?q=rand&type=code) | | -HIGH | [exec/shell/arbitrary_command_dev_null](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/arbitrary_command-dev_null.yara#cmd_dev_null_quoted) | runs quoted templated commands, discards output | ["%s" >/dev/null](https://github.com/search?q=%22%25s%22+%3E%2Fdev%2Fnull&type=code) | diff --git a/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff b/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff index a5927a374..8818ec436 100644 --- a/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff +++ b/tests/macOS/2023.3CX/libffmpeg.change_increase.mdiff @@ -5,10 +5,10 @@ | RISK | KEY | DESCRIPTION | EVIDENCE | |:--|:--|:--|:--| | +CRITICAL | **[3P/sekoia/downloader_smooth_operator](https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) | -| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$sa1`
`$sa2`
`$op1`
`$op2` | -| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | -| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xof1`
`$fpa1`
`$fpa2`
`$fpb1`
`$xo1` | -| +CRITICAL | **[3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | +| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$sa1`
`$sa2`
`$op1`
`$op2` | +| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | +| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xof1`
`$fpa1`
`$fpa2`
`$fpb1`
`$xo1` | +| +CRITICAL | **[3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | | +CRITICAL | **[anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla)** | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) | | +CRITICAL | **[impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl)** | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[flock](https://github.com/search?q=flock&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[popen](https://github.com/search?q=popen&type=code)
[rand](https://github.com/search?q=rand&type=code) | | +HIGH | **[exec/shell/arbitrary_command_dev_null](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/arbitrary_command-dev_null.yara#cmd_dev_null_quoted)** | runs quoted templated commands, discards output | ["%s" >/dev/null](https://github.com/search?q=%22%25s%22+%3E%2Fdev%2Fnull&type=code) | diff --git a/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff b/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff index a5927a374..8818ec436 100644 --- a/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff +++ b/tests/macOS/2023.3CX/libffmpeg.dirty.mdiff @@ -5,10 +5,10 @@ | RISK | KEY | DESCRIPTION | EVIDENCE | |:--|:--|:--|:--| | +CRITICAL | **[3P/sekoia/downloader_smooth_operator](https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) | -| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$sa1`
`$sa2`
`$op1`
`$op2` | -| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | -| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xof1`
`$fpa1`
`$fpa2`
`$fpb1`
`$xo1` | -| +CRITICAL | **[3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | +| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$sa1`
`$sa2`
`$op1`
`$op2` | +| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | +| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xof1`
`$fpa1`
`$fpa2`
`$fpb1`
`$xo1` | +| +CRITICAL | **[3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | | +CRITICAL | **[anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla)** | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) | | +CRITICAL | **[impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl)** | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[flock](https://github.com/search?q=flock&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[popen](https://github.com/search?q=popen&type=code)
[rand](https://github.com/search?q=rand&type=code) | | +HIGH | **[exec/shell/arbitrary_command_dev_null](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/arbitrary_command-dev_null.yara#cmd_dev_null_quoted)** | runs quoted templated commands, discards output | ["%s" >/dev/null](https://github.com/search?q=%22%25s%22+%3E%2Fdev%2Fnull&type=code) | diff --git a/tests/macOS/2023.3CX/libffmpeg.increase.mdiff b/tests/macOS/2023.3CX/libffmpeg.increase.mdiff index a5927a374..8818ec436 100644 --- a/tests/macOS/2023.3CX/libffmpeg.increase.mdiff +++ b/tests/macOS/2023.3CX/libffmpeg.increase.mdiff @@ -5,10 +5,10 @@ | RISK | KEY | DESCRIPTION | EVIDENCE | |:--|:--|:--|:--| | +CRITICAL | **[3P/sekoia/downloader_smooth_operator](https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/yara_rules/downloader_mac_smooth_operator.yar#L1-L16)** | Detect the Smooth_Operator malware, by [Sekoia.io](https://github.com/SEKOIA-IO/Community) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code) | -| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$sa1`
`$sa2`
`$op1`
`$op2` | -| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | -| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xof1`
`$fpa1`
`$fpa2`
`$fpb1`
`$xo1` | -| +CRITICAL | **[3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | +| +CRITICAL | **[3P/sig_base/3cxdesktopapp_backdoor](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275)** | [Detects 3CXDesktopApp MacOS Backdoor component](https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/), by X__Junior (Nextron Systems) | [%s/.main_storage](https://github.com/search?q=%25s%2F.main_storage&type=code)
[%s/UpdateAgent](https://github.com/search?q=%25s%2FUpdateAgent&type=code)
`$sa1`
`$sa2`
`$op1`
`$op2` | +| +CRITICAL | **[3P/sig_base/nk_3cx_dylib](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214)** | [Detects malicious DYLIB files related to 3CX compromise](https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/), by Florian Roth (Nextron Systems) | `$xc1`
`$xc2`
`$xc3` | +| +CRITICAL | **[3P/sig_base/susp_xored_mozilla](https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xor_hunting.yar#L2-L25)** | [Detects suspicious single byte XORed keyword 'Mozilla/5.0' - it uses yara's XOR modifier and therefore cannot print the XOR key](https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()), by Florian Roth | `$xof1`
`$fpa1`
`$fpa2`
`$fpb1`
`$xo1` | +| +CRITICAL | **[3P/volexity/iconic](https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-30%203CX/indicators/rules.yar#L32-L50)** | [Detects the MACOS version of the ICONIC loader.](https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/), by threatintel@volexity.com | `$str1`
`$str2`
`$str3` | | +CRITICAL | **[anti-static/xor/user_agent](https://github.com/chainguard-dev/malcontent/blob/main/rules/anti-static/xor/xor-user_agent.yara#xor_mozilla)** | XOR'ed user agent, often found in backdoors, by Florian Roth | [xor_mozilla::$Mozilla_5_0](https://github.com/search?q=xor_mozilla%3A%3A%24Mozilla_5_0&type=code) | | +CRITICAL | **[impact/remote_access/net_exec](https://github.com/chainguard-dev/malcontent/blob/main/rules/impact/remote_access/net_exec.yara#lazarus_darwin_nsurl)** | executes programs, sets permissions, sleeps, makes HTTP requests | [NSMutableURLRequest](https://github.com/search?q=NSMutableURLRequest&type=code)
[gethostname](https://github.com/search?q=gethostname&type=code)
[localtime](https://github.com/search?q=localtime&type=code)
[strncpy](https://github.com/search?q=strncpy&type=code)
[sprintf](https://github.com/search?q=sprintf&type=code)
[pclose](https://github.com/search?q=pclose&type=code)
[flock](https://github.com/search?q=flock&type=code)
[sleep](https://github.com/search?q=sleep&type=code)
[chmod](https://github.com/search?q=chmod&type=code)
[popen](https://github.com/search?q=popen&type=code)
[rand](https://github.com/search?q=rand&type=code) | | +HIGH | **[exec/shell/arbitrary_command_dev_null](https://github.com/chainguard-dev/malcontent/blob/main/rules/exec/shell/arbitrary_command-dev_null.yara#cmd_dev_null_quoted)** | runs quoted templated commands, discards output | ["%s" >/dev/null](https://github.com/search?q=%22%25s%22+%3E%2Fdev%2Fnull&type=code) | diff --git a/tests/windows/2024.aspdasdksa2/callback.bat.json b/tests/windows/2024.aspdasdksa2/callback.bat.json index ba3950b43..0988c51e7 100644 --- a/tests/windows/2024.aspdasdksa2/callback.bat.json +++ b/tests/windows/2024.aspdasdksa2/callback.bat.json @@ -12,11 +12,11 @@ ], "RiskScore": 4, "RiskLevel": "CRITICAL", - "RuleURL": "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_susp.yar#L52-L91", + "RuleURL": "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_susp.yar#L52-L91", "ReferenceURL": "Internal%20Research", "RuleAuthor": "Florian Roth (Nextron Systems)", "RuleLicense": "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE", - "RuleLicenseURL": "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE", + "RuleLicenseURL": "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE", "ID": "3P/sig_base/powershell_webdownload", "RuleName": "SIGNATURE_BASE_Suspicious_Powershell_Webdownload_1" }, diff --git a/third_party/yara/YARAForge/RELEASE b/third_party/yara/YARAForge/RELEASE index 69422b874..5c375ef77 100644 --- a/third_party/yara/YARAForge/RELEASE +++ b/third_party/yara/YARAForge/RELEASE @@ -1 +1 @@ -20250907 +20250921 diff --git a/third_party/yara/YARAForge/yara-rules-full.yar b/third_party/yara/YARAForge/yara-rules-full.yar index 9ae3eb910..a8bcfd2e2 100644 --- a/third_party/yara/YARAForge/yara-rules-full.yar +++ b/third_party/yara/YARAForge/yara-rules-full.yar 
@@ -12,24 +12,24 @@ * Force Exclude Importance Level: 0 * Minimum Age (in days): 0 * Minimum Score: 40 - * Creation Date: 2025-09-07 - * Number of Rules: 11360 - * Skipped: 0 (age), 232 (quality), 8 (score), 0 (importance) + * Creation Date: 2025-09-21 + * Number of Rules: 11378 + * Skipped: 0 (age), 222 (quality), 8 (score), 0 (importance) */ -import "console" +import "pe" +import "elf" +import "math" import "dotnet" import "hash" -import "math" -import "elf" -import "pe" +import "console" /* * YARA Rule Set * Repository Name: ReversingLabs * Repository: https://github.com/reversinglabs/reversinglabs-yara-rules/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: d85d8e171d7ca1b13d7853886150b6de884454ed * Number of Rules: 1234 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -10491,8 +10491,8 @@ rule REVERSINGLABS_Bytecode_MSIL_Ransomware_Oct : TC_DETECTION MALICIOUS MALWARE description = "Yara rule that detects Oct ransomware." author = "ReversingLabs" id = "e811a0ba-52df-5e88-ab71-df91d5cb584a" - date = "2025-10-07" - date = "2025-10-07" + date = "2025-10-21" + date = "2025-10-21" modified = "2021-08-12" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d85d8e171d7ca1b13d7853886150b6de884454ed/yara/ransomware/ByteCode.MSIL.Ransomware.Oct.yara#L1-L68" @@ -14282,8 +14282,8 @@ rule REVERSINGLABS_Win32_Ransomware_ONI : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Oni ransomware." author = "ReversingLabs" id = "9190aee2-1119-546e-82ca-a7aba44a9d7f" - date = "2025-09-07" - date = "2025-09-07" + date = "2025-09-21" + date = "2025-09-21" modified = "2020-12-07" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d85d8e171d7ca1b13d7853886150b6de884454ed/yara/ransomware/Win32.Ransomware.Oni.yara#L1-L82" 
@@ -58068,8 +58068,8 @@ rule REVERSINGLABS_Linux_Virus_Vit : TC_DETECTION MALICIOUS MALWARE FILE description = "Yara rule that detects Vit virus." author = "ReversingLabs" id = "4515fe43-4c5a-521d-82b7-273823f0c64e" - date = "2025-09-07" - date = "2025-09-07" + date = "2025-09-21" + date = "2025-09-21" modified = "2023-06-07" reference = "ReversingLabs" source_url = "https://github.com/reversinglabs/reversinglabs-yara-rules//blob/d85d8e171d7ca1b13d7853886150b6de884454ed/yara/virus/Linux.Virus.Vit.yara#L3-L36" @@ -59309,7 +59309,7 @@ rule REVERSINGLABS_Win32_Exploit_CVE20200601 : TC_DETECTION MALICIOUS EXPLOIT CV * YARA Rule Set * Repository Name: R3c0nst * Repository: https://github.com/fboldewin/YARA-rules/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 54e9e6899b258b72074b2b4db6909257683240c2 * Number of Rules: 26 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -60068,9 +60068,9 @@ rule R3C0NST_UNC2891_Steelcorgi : FILE * YARA Rule Set * Repository Name: CAPE * Repository: https://github.com/kevoreilly/CAPEv2 - * Retrieval Date: 2025-09-07 - * Git Commit: cfc97e71ad538366f5d87d36a0116c27dcc72988 - * Number of Rules: 172 + * Retrieval Date: 2025-09-21 + * Git Commit: 4612c4699b865d0f60d8379b7bed86e53ab3bec8 + * Number of Rules: 173 * Skipped: 0 (age), 16 (quality), 3 (score), 0 (importance) * * 
@@ -60751,8 +60751,8 @@ rule CAPE_Blister : FILE date = "2023-09-20" modified = "2023-09-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Blister.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Blister.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "afb77617a4ca637614c429440c78da438e190dd1ca24dc78483aa731d80832c2" hash = "d3eab2a134e7bd3f2e8767a6285b38d19cd3df421e8af336a7852b74f194802c" logic_hash = "f26d85fdf0eb07e67fe38c43c5f6d024bfb7b2a333cb3411f5cdcff6bf5db12d" @@ -60780,8 +60780,8 @@ rule CAPE_Masslogger : FILE date = "2020-11-24" modified = "2020-11-24" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/MassLogger.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/MassLogger.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "c8d82694810aafbdc6a35a661e7431e9536035e2f7fef90b9359064c4209b66c" score = 75 quality = 70 
@@ -60804,8 +60804,8 @@ rule CAPE_Obfuscar : FILE date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Obfuscar.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Obfuscar.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "54581e83e5fa13fae4bda74016b3fa1d18c92e2659f493ebe54d70fd5f77bba5" score = 75 quality = 70 @@ -60826,8 +60826,8 @@ rule CAPE_Emotetloader : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/EmotetLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/EmotetLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "410872d25ed3a89a2cba108f952d606cd1c3bf9ccc89ae6ab3377b83665c2773" score = 75 quality = 70 
@@ -60849,8 +60849,8 @@ rule CAPE_Petya : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Petya.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Petya.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "f819261bb34f3b2eb7dc2f843b56be25105570fe902a77940a632a54fbe0d014" score = 75 quality = 70 @@ -60874,8 +60874,8 @@ rule CAPE_Seduploader : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Seduploader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Seduploader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "d70c886699169d4dafc5b063c93682a34af5667df6d293b52256ddc19ab9c516" score = 75 quality = 70 
@@ -60897,8 +60897,8 @@ rule CAPE_Hermes : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Hermes.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Hermes.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "9bc974173f39a57e7adfbf8ae106a20d960557696b4c3ce16e9b4e47d3e9e95b" score = 75 quality = 70 @@ -60922,8 +60922,8 @@ rule CAPE_Zeuspanda : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/ZeusPanda.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/ZeusPanda.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "43d8a56cae9fd23c053f6956851734d3270b46a906236854502c136e3bb1e761" score = 75 quality = 70 
@@ -60947,8 +60947,8 @@ rule CAPE_Nighthawk date = "2022-12-05" modified = "2022-12-05" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Nighthawk.yar#L3-L24" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Nighthawk.yar#L3-L24" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "2d77912678e06503ffef0e8ed84aa4f9ac74357480d57742fbae619acebfb5f2" score = 75 quality = 70 @@ -60972,8 +60972,8 @@ rule CAPE_Doomedloader : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/DoomedLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/DoomedLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "54a5962ef49ebf987908c4ea1559788f7c96a7e4ea61d2973636e998a0239c77" score = 75 quality = 70 
@@ -60997,8 +60997,8 @@ rule CAPE_Gandcrab : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Gandcrab.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Gandcrab.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "354ed566dbafbe8e9531bb771d9846952eb8c0e70ee94c26d09368159ce4142c" score = 75 quality = 70 @@ -61023,8 +61023,8 @@ rule CAPE_Icedid date = "2021-12-16" modified = "2021-12-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/IcedID.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/IcedID.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "e60ccbab7a360020744eba65961156ca3e2ae9cf23671014f913d71c1a96a331" score = 75 quality = 45 
@@ -61053,8 +61053,8 @@ rule CAPE_Latrodectus date = "2025-05-10" modified = "2025-05-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Latrodectus.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Latrodectus.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "a547cff9991a713535e5c128a0711ca68acf9298cc2220c4ea0685d580f36811" logic_hash = "a8430299930f4c8de0a88c6836d4821871f7183cc5ff44ea9be84fbea47bbb13" score = 75 @@ -61081,8 +61081,8 @@ rule CAPE_Latrodectus_AES date = "2025-05-10" modified = "2025-05-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Latrodectus.yar#L18-L34" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Latrodectus.yar#L18-L34" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "5cecb26a3f33c24b92a0c8f6f5175da0664b21d7c4216a41694e4a4cad233ca8" logic_hash = "058d278c16527969066d1b4ea7f0e3ab2809d5480cdab06ec476b465e0c4795a" score = 75 
@@ -61110,8 +61110,8 @@ rule CAPE_Buerloader : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/BuerLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/BuerLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "05c1f008f0a2bb8232867977fb23a5ae8312f10f0637c6265561052596319c29" score = 75 quality = 70 @@ -61135,8 +61135,8 @@ rule CAPE_Trickbot date = "2023-02-07" modified = "2023-02-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/TrickBot.yar#L1-L20" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/TrickBot.yar#L1-L20" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "47cc2070b43957601a72745329a9d14fb3fbfd4d2b31cacc35d4ac750dde31ea" score = 75 quality = 70 
@@ -61167,8 +61167,8 @@ rule CAPE_Trickbot_Permadll_UEFI_Module date = "2023-02-07" modified = "2023-02-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/TrickBot.yar#L22-L38" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/TrickBot.yar#L22-L38" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "491115422a6b94dc952982e6914adc39" logic_hash = "564055f56fd19bed8900e6d451ba050b4e9013a9208a3bdc3d3d563567d225d2" score = 75 @@ -61196,8 +61196,8 @@ rule CAPE_Ursnif : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Ursnif.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Ursnif.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "46e79fde81ff5352314618021e394b2e0322df07170c7279363290b7134935fd" score = 75 quality = 70 
@@ -61226,8 +61226,8 @@ rule CAPE_Conti : FILE date = "2021-03-15" modified = "2021-03-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Conti.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Conti.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "c9842f93d012d0189b9c6f10ad558b37ae66226bbb619ad677f6906ccaf0e848" score = 75 quality = 70 @@ -61251,8 +61251,8 @@ rule CAPE_Tscookie : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/TSCookie.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/TSCookie.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "0461c7fd14c74646437654f0a63a4a89d4efad620e197a8ca1e8d390618842c3" score = 75 quality = 70 
@@ -61276,8 +61276,8 @@ rule CAPE_Cobaltstrikestager date = "2023-01-18" modified = "2023-01-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/CobaltStrikeStager.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "6a55b0c3ab5f557dfb7a3f8bd616ede1bd9b93198590fc9d52aa19c1154388c5" score = 75 quality = 70 @@ -61302,8 +61302,8 @@ rule CAPE_Xenorat date = "2024-10-09" modified = "2024-10-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/XenoRAT.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/XenoRAT.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "26f520fb69a52d05786fac0e9e38f5db9601da0a3e7768e00975a9684f3560ef" score = 75 quality = 66 
@@ -61330,8 +61330,8 @@ rule CAPE_Dridexloader : FILE date = "2021-03-10" modified = "2021-03-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/DridexLoader.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/DridexLoader.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "20696b1f14539c8ecf21bffc696596040c20b1ee2fcedc173945482c0baca588" score = 75 quality = 70 @@ -61358,8 +61358,8 @@ rule CAPE_Kovter : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Kovter.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Kovter.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "888fccb8fbfbe6c05ec63bc5658b4743f8e10a96ef51b3868c2ff94afec76f2d" score = 75 quality = 70 
@@ -61384,8 +61384,8 @@ rule CAPE_Smokeloader date = "2024-11-12" modified = "2024-11-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/SmokeLoader.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/SmokeLoader.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "779e2ac213e5ced7bc06e6208826b65cf8fc3113a69ede6408b84055542fa76d" score = 75 quality = 70 @@ -61410,8 +61410,8 @@ rule CAPE_Lumma : FILE date = "2025-07-08" modified = "2025-07-08" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Lumma.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Lumma.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "ca7822292c58af68e7a1610362bf0b5d27c93e3222ceec8d216e05a442008f37" score = 75 quality = 70 
@@ -61438,8 +61438,8 @@ rule CAPE_Ursnifv3 : FILE date = "2023-03-23" modified = "2023-03-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/UrsnifV3.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/UrsnifV3.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "501cd52388aba16f9d33b4555f310e1ad58326916b15358a485c701acb87abd8" score = 75 quality = 70 @@ -61468,8 +61468,8 @@ rule CAPE_Tclient : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/TClient.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/TClient.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "6edcd01e4722b367723ed77d9596877d16ee35dc4c160885d125f83e45cee24d" score = 75 quality = 70 
@@ -61491,8 +61491,8 @@ rule CAPE_Bazar : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Bazar.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Bazar.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "9375f59b56e47fd0b90b089afdf3be8f16f960038fc625523a2e2d5509ab099d" score = 75 quality = 70 @@ -61515,8 +61515,8 @@ rule CAPE_Hancitor : FILE date = "2020-10-20" modified = "2020-10-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Hancitor.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Hancitor.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "84003542a2f587b5fbd43731c4240759806f8ee46df2bd96aae4a3c09d97e41c" score = 75 quality = 70 
@@ -61541,8 +61541,8 @@ rule CAPE_Nemty : FILE date = "2020-04-03" modified = "2020-04-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Nemty.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Nemty.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "a05974b561c67b4f1e0812639b74831edcf65686a06c0d380f0b45739e342419" score = 75 quality = 70 @@ -61566,8 +61566,8 @@ rule CAPE_Bitpaymer : FILE date = "2019-11-27" modified = "2019-11-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/BitPaymer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/BitPaymer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "6ae0dc9a36da13e483d8d653276b06f59ecc15c95c754c268dcc91b181677c4c" score = 75 quality = 70 
@@ -61590,8 +61590,8 @@ rule CAPE_Megacortex : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/MegaCortex.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/MegaCortex.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "5de1d8241260070241c91b97f18feb2a90069e3b158e863e2d9f568799c244e6" score = 75 quality = 70 @@ -61615,8 +61615,8 @@ rule CAPE_Rhadamanthys date = "2023-09-18" modified = "2023-09-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Rhadamanthys.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Rhadamanthys.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "f71bee3ef1dd7b16a55397645d16c0a20d1fdd3bf662f241c0b11796629b11ff" score = 75 quality = 70 
@@ -61641,8 +61641,8 @@ rule CAPE_Cerber : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Cerber.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Cerber.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "16a8f808c28d3b142c079a305aba7f553f2452e439710bf610a06f8f2924d5a3" score = 75 quality = 70 @@ -61664,8 +61664,8 @@ rule CAPE_Koiloader date = "2024-10-25" modified = "2024-10-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/KoiLoader.yar#L1-L35" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/KoiLoader.yar#L1-L35" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "b462e3235c7578450b2b56a8aff875a3d99d22f6970a01db3ba98f7ecb6b01a0" logic_hash = "264a536632f8f11c904b00c9d2e505b3263c733ad8fbc2ef19c25a5ad58cef90" score = 75 
@@ -61709,8 +61709,8 @@ rule CAPE_Wanacry : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/WanaCry.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/WanaCry.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "16d5e39f043d27bbf22f8f21e13971b7e0709b07e44746dd157d11ee4cc51944" score = 75 quality = 70 @@ -61736,8 +61736,8 @@ rule CAPE_Badrabbit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/BadRabbit.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/BadRabbit.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "309e14ab4ea2f919358631f9d8b2aaff1f51e7708b6114e4e6bf4a9d9a5fc86c" score = 75 quality = 70 
@@ -61761,8 +61761,8 @@ rule CAPE_Azorult : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Azorult.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Azorult.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "4691cf48d513d1965416b0cce1b6e19c8f7b393a940afd68b7c6ca8c0d125d90" score = 75 quality = 70 @@ -61785,8 +61785,8 @@ rule CAPE_Rozena date = "2024-03-15" modified = "2024-03-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Rozena.yar#L1-L10" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Rozena.yar#L1-L10" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "c415a8108b58a125a604031bb8d73b58a8aae5429b5b765e35fa8a4add9cd135" score = 75 quality = 70 
@@ -61809,8 +61809,8 @@ rule CAPE_Cryptoshield : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Cryptoshield.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Cryptoshield.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "46064b4c69cb1af01330c5d194ef50728e0f0479e9fbf72828822935f8e37ac6" score = 75 quality = 70 @@ -61834,8 +61834,8 @@ rule CAPE_Socks5Systemz : FILE date = "2025-05-23" modified = "2025-05-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Socks5Systemz.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Socks5Systemz.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "7e324bacd1ea57585435b6a5a4c93bda63ca146c100f2361a1c5530b87668299" score = 75 quality = 70 
@@ -61865,8 +61865,8 @@ rule CAPE_Dridexv4 : FILE date = "2022-05-31" modified = "2022-05-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/DridexV4.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/DridexV4.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "cb103fe5f2d4792e3c612db4e2d84a4c8b0ce0f9a8443e9147e2c345f1dbdff6" score = 75 quality = 70 @@ -61892,8 +61892,8 @@ rule CAPE_Remcos : FILE date = "2022-05-10" modified = "2022-05-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Remcos.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Remcos.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "38142e784ad437d9592353b924f74777bb62e5ed176c811230a2021a437d4710" score = 75 quality = 68 
@@ -61918,8 +61918,8 @@ rule CAPE_Vidar : FILE date = "2023-04-21" modified = "2023-04-21" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Vidar.yar#L1-L22" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Vidar.yar#L1-L22" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "5d4c030536ed41cf4e0dcb77b2fe4553d789ee2b8095a4b3e050692335a8709d" score = 75 quality = 70 @@ -61952,8 +61952,8 @@ rule CAPE_Cargobayloader : FILE date = "2023-02-20" modified = "2023-02-20" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/CargoBayLoader.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/CargoBayLoader.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "75e975031371741498c5ba310882258c23b39310bd258239277708382bdbee9c" logic_hash = "1d5c4ca79f97e1fac358189a8c6530be12506974fc2fb42f63b0b621536a45c9" score = 75 
@@ -61977,8 +61977,8 @@ rule CAPE_Sedreco : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Sedreco.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Sedreco.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "f735549606917f59a19157e604e54766e4456bc5d46e94cae3e0a3c18b52a7ca" score = 75 quality = 70 @@ -62002,8 +62002,8 @@ rule CAPE_Dreambot : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Dreambot.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Dreambot.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "29c6d648d5d38667c5824c2d20a83a20448c2ae6054ddddb2b2b7f8bdb69f74b" score = 75 quality = 70 
@@ -62028,8 +62028,8 @@ rule CAPE_Rcsession date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/RCSession.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/RCSession.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "ebd1e9e615a91c35b36332cad55519607323469df738cec4464288b45787630d" score = 75 quality = 70 @@ -62052,8 +62052,8 @@ rule CAPE_Ramnit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Ramnit.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Ramnit.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "6f661f47bdf8377b0fb96f190fcb964c0ed2b43ce7ae7880f9dfce9e43837efd" score = 75 quality = 70 
@@ -62077,8 +62077,8 @@ rule CAPE_Lockbit : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Lockbit.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Lockbit.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "80ab705c8246a0bd5b3de65146cf32b102f39bf9444bdf1d366b5a794c1229b9" score = 75 quality = 70 @@ -62104,8 +62104,8 @@ rule CAPE_Atlas : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Atlas.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Atlas.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "c3f73b29df5caf804dbfe3e6ac07a9e2c772bd2a126f0487e4a65e72bd501e6e" score = 75 quality = 70 
@@ -62129,8 +62129,8 @@ rule CAPE_Adaptixbeacon date = "2025-06-16" modified = "2025-06-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AdaptixBeacon.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AdaptixBeacon.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "f78f5803be5704420cbb2e0ac3c57fcb3d9cdf443fbf1233c069760bee115b5d" logic_hash = "a05b5fed6328229f8490731ef9884f5b8225f8628b81dc199ea5c11fa25b8d0c" score = 75 @@ -62157,8 +62157,8 @@ rule CAPE_Kronos : FILE date = "2020-07-02" modified = "2020-07-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Kronos.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Kronos.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "52ce9caf3627efe8ae86df6ca59e51e9f738e13ac0265f797e8d70123dbcaeb3" score = 75 quality = 70 
@@ -62183,8 +62183,8 @@ rule CAPE_Carbanak : FILE date = "2024-03-18" modified = "2024-03-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Carbanak.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Carbanak.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "c9c1b06cb9c9bd6fc4451f5e2847a1f9524bb2870d7bb6f0ee09b9dd4e3e4c84" logic_hash = "8ed5ab07f1635dc7cdf296e86a71a0a99d0b2faef8fc460f43d426b24b8c8367" score = 75 @@ -62209,8 +62209,8 @@ rule CAPE_Kpot : FILE date = "2020-10-19" modified = "2020-10-19" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Kpot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Kpot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "75abaab9a10e8ac8808425c389238285ab9bd9cb76f0cd03cc1e35b3ea0a1b0f" score = 75 quality = 70 
@@ -62234,8 +62234,8 @@ rule CAPE_Bumblebee : FILE date = "2024-10-29" modified = "2024-10-29" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/BumbleBee.yar#L35-L50" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/BumbleBee.yar#L35-L50" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "bc7c2ce9d3cd598c9510dc64d78048999f2f89ee5a84cd0d6046dbdfabe260ee" score = 75 quality = 70 @@ -62262,8 +62262,8 @@ rule CAPE_Bumblebee2024 date = "2024-10-29" modified = "2024-10-29" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/BumbleBee.yar#L52-L68" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/BumbleBee.yar#L52-L68" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "db58272c1ba74bc6e6a90bdacf7e8feec94be5da2b5123e0475ce86448f3edb2" score = 75 quality = 70 
@@ -62291,8 +62291,8 @@ rule CAPE_Amadey : FILE date = "2025-08-15" modified = "2025-08-15" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Amadey.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Amadey.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "988258716d5296c1323303e8fe4efd7f4642c87bfdbe970fe9a3bb3f410f70a4" logic_hash = "5a7405a174b63826500f3b04c6f10bc9b40d5b49e85377bef027204e75dd1e9e" score = 75 @@ -62318,8 +62318,8 @@ rule CAPE_Scarab : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Scarab.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Scarab.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "0d8fa7ab4c8e5699f17f9e9444e85a42563a840a8e7ee9eda54add3a6845d1c6" score = 75 quality = 70 
@@ -62343,8 +62343,8 @@ rule CAPE_Lokibot : FILE date = "2022-02-01" modified = "2022-02-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/LokiBot.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/LokiBot.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "a5b3d518371138740e913d2d6ce4fa22d3da5cea7e034c7d6b4b502e6bf44b06" score = 75 quality = 70 @@ -62367,8 +62367,8 @@ rule CAPE_Stealc : FILE date = "2025-08-21" modified = "2025-08-21" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Stealc.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Stealc.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d" logic_hash = "a6165168b7c74761b91d1691465688c748227b830813067edb4e9bdc934271c4" score = 75 
@@ -62392,8 +62392,8 @@ rule CAPE_Stealcv2 : FILE date = "2025-08-21" modified = "2025-08-21" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Stealc.yar#L15-L32" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Stealc.yar#L15-L32" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "911c6a7f63e91a788898f3cc6e66396e39d5bd48f8fbaac49ee5dbbdaa64d5a0" score = 75 quality = 70 @@ -62422,8 +62422,8 @@ rule CAPE_Aurastealer date = "2025-09-02" modified = "2025-09-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AuraStealer.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AuraStealer.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "960b83639a898509dc272f3235822401a8f861fa6607991993285b618b882d8b" score = 75 quality = 70 
@@ -62452,8 +62452,8 @@ rule CAPE_Formbook date = "2023-10-13" modified = "2023-10-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Formbook.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Formbook.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "63ee4dd6fe5ed2a3e5ee88ba7de48d2c9e0024961a550d0fdb68891c9885e05e" score = 75 quality = 70 @@ -62482,8 +62482,8 @@ rule CAPE_Magniber : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Magniber.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Magniber.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "1875754bdf98c1886f31f6c6e29992a98180f74d8fa168ae391e2c660d760618" score = 75 quality = 70 
@@ -62505,8 +62505,8 @@ rule CAPE_Rokrat : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/RokRat.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/RokRat.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "2aaa7de7ccd59e0da690f4bc0c7deaacf61314d61f8d2aa3ce6f6892f50612ec" score = 75 quality = 70 @@ -62529,8 +62529,8 @@ rule CAPE_Eternalromance : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/EternalRomance.yar#L1-L33" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/EternalRomance.yar#L1-L33" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "5390fae3e2411a715cdc965df8648c0c4c511d53d5f76031714f1b784b58eb0d" score = 75 quality = 68 
@@ -62574,8 +62574,8 @@ rule CAPE_Varenyky : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Varenyky.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Varenyky.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "602f1b8b60b29565eabe2171fde4eb58546af68f8acecad402a7a51ea9a08ed9" score = 75 quality = 70 @@ -62597,11 +62597,11 @@ rule CAPE_Asyncrat_Kingrat date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AsyncRAT.yar#L1-L30" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AsyncRAT.yar#L1-L30" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "1400d2029dfb66d8f2dc34db8643d6301f3af9bd356639f883d2c10bcc0c3947" score = 75 - quality = 33 + quality = 58 tags = "" cape_type = "AsyncRAT Payload" 
@@ -62636,11 +62636,11 @@ rule CAPE_Stormkitty : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AsyncRAT.yar#L32-L57" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AsyncRAT.yar#L32-L57" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "258f5d9da80ff912459194b1139f062491df21a44456942951e2bd98e4b86c9b" score = 75 - quality = 41 + quality = 66 tags = "FILE" cape_type = "StormKitty Payload" @@ -62672,11 +62672,11 @@ rule CAPE_Worldwind : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AsyncRAT.yar#L60-L82" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AsyncRAT.yar#L60-L82" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "9bb04fad460193cd877ea7f2de9337f69aadda01aee6c79f0a23cdf564b1e6c8" score = 75 - quality = 45 + quality = 70 tags = "FILE" cape_type = "WorldWind Payload" 
@@ -62708,11 +62708,11 @@ rule CAPE_Prynt : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AsyncRAT.yar#L85-L107" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AsyncRAT.yar#L85-L107" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "84f2b33285ab1d129a62940a02990639cc8f7c92d490d7257e6aed9170d1e34e" score = 75 - quality = 45 + quality = 70 tags = "FILE" cape_type = "Prynt Payload" @@ -62744,11 +62744,11 @@ rule CAPE_Xworm : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AsyncRAT.yar#L110-L136" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AsyncRAT.yar#L110-L136" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "5a86c2f0a188135e53d86c176806a208abbe3dd830bde364016859ffa5294bd7" score = 75 - quality = 43 + quality = 68 tags = "FILE" cape_type = "XWorm Payload" 
@@ -62784,8 +62784,8 @@ rule CAPE_Xworm_Kingrat date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AsyncRAT.yar#L138-L155" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AsyncRAT.yar#L138-L155" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "3914be652bb7271e5e6b89d05edf10a54f8ddaf9e22d194b60501aa2cdd495d3" score = 75 quality = 66 @@ -62816,11 +62816,11 @@ rule CAPE_Dcrat : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AsyncRAT.yar#L157-L222" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AsyncRAT.yar#L157-L222" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "5a02dcc2b9c7eb3efdba39047e37886240b45fb7e2db3b82aa5b4b9526dfb7f8" score = 75 - quality = 20 + quality = 45 tags = "FILE" cape_type = "DCRat Payload" 
@@ -62890,8 +62890,8 @@ rule CAPE_Dcrat_Kingrat date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AsyncRAT.yar#L224-L243" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AsyncRAT.yar#L224-L243" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "73ac27c3f0fc71d053e89690b5a7d29c1f8b0ea0a22e8595148a9001799fae54" score = 75 quality = 62 @@ -62923,8 +62923,8 @@ rule CAPE_Quasarrat : FILE date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AsyncRAT.yar#L245-L266" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AsyncRAT.yar#L245-L266" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "556b19dc0980761198ea31a285f281adae084463d24bff1eda15326436ad562b" score = 75 quality = 70 
@@ -62958,8 +62958,8 @@ rule CAPE_Quasarrat_Kingrat date = "2025-02-03" modified = "2025-02-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AsyncRAT.yar#L268-L287" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AsyncRAT.yar#L268-L287" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "1f4296a592134edbe52e256dc353143af02e897ff1afad98f3dac0c5ab13f3f7" score = 75 quality = 70 @@ -62991,8 +62991,8 @@ rule CAPE_Arkei : FILE date = "2025-01-10" modified = "2025-01-10" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Arkei.yar#L1-L50" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Arkei.yar#L1-L50" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "296e420880d8d2f24424d0411e7ef4939e18147689557512f410da48498a44c9" score = 75 quality = 70 
@@ -63048,8 +63048,8 @@ rule CAPE_Bruteratel date = "2024-07-11" modified = "2024-07-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/BruteRatel.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/BruteRatel.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "0984977c716d6f8e068c045166eb5db77c9fbce27513e555dceca348375f1a66" score = 75 quality = 70 @@ -63074,8 +63074,8 @@ rule CAPE_Agent_Tesla date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AgentTesla.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AgentTesla.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "3945754129dcc58e0abfd7485f5ff0c0afdd1078ae2cf164ca8f59a6f79db1be" score = 75 quality = 70 
@@ -63101,8 +63101,8 @@ rule CAPE_Agenttesla : FILE date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AgentTesla.yar#L19-L41" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AgentTesla.yar#L19-L41" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "1bf9b26c4cf87e674ddffabe40aba5a45499c6a04d4ff3e43c3cda4cbcb4d188" score = 75 quality = 70 @@ -63134,8 +63134,8 @@ rule CAPE_Agentteslav2 : FILE date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AgentTesla.yar#L43-L67" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AgentTesla.yar#L43-L67" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "b45296b3b94fa1ff32de48c94329a17402461fb6696e9390565c4dba9738ed78" score = 75 quality = 70 
@@ -63171,8 +63171,8 @@ rule CAPE_Agentteslav3 : FILE date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AgentTesla.yar#L69-L111" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AgentTesla.yar#L69-L111" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "26c4fa0ce8de6982eb599f3872e8ab2a6e83da4741db7f3500c94e0a8fe5d459" score = 75 quality = 68 @@ -63225,8 +63225,8 @@ rule CAPE_Agentteslav4 : FILE date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AgentTesla.yar#L113-L126" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AgentTesla.yar#L113-L126" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "0a39036f408728ab312a54ff3354453d171424f57f9a8f3b42af867be3037ca9" score = 75 quality = 70 
@@ -63251,8 +63251,8 @@ rule CAPE_Agentteslav4Jit date = "2025-03-07" modified = "2025-03-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AgentTesla.yar#L128-L141" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AgentTesla.yar#L128-L141" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "8f7144d2a989ce8d291af926b292f5f0f7772e707b0e49797eba13ecf91b90bc" score = 75 quality = 70 @@ -63277,8 +63277,8 @@ rule CAPE_Doppelpaymer : FILE date = "2022-06-27" modified = "2022-06-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/DoppelPaymer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/DoppelPaymer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "73a2575671bafc31a70af3ce072d6f94ae172b12202baebba586a02524cb6f9d" score = 75 quality = 70 
@@ -63301,8 +63301,8 @@ rule CAPE_Darkgate date = "2024-02-26" modified = "2024-02-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/DarkGate.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/DarkGate.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "25c0e77a83676c6a18445f8df0b1f7a9148de5f64eeb532f9a4f4d4652dd8191" score = 75 quality = 70 @@ -63329,8 +63329,8 @@ rule CAPE_Aurorastealer : FILE date = "2022-12-14" modified = "2023-03-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/AuroraStealer.yar#L1-L74" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/AuroraStealer.yar#L1-L74" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "0d10e9268184f494a73d5b4ab0d9a478ad0c26d2ef13d5134f8c9769f028b8f5" score = 75 quality = 45 
@@ -63409,8 +63409,8 @@ rule CAPE_Fareit : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Fareit.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Fareit.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "ed35391ffc949219f380da3f22bc8397a7d5c742bd68e227c3becdebcab5cf83" score = 75 quality = 70 @@ -63432,8 +63432,8 @@ rule CAPE_Nitrogenloader date = "2025-07-28" modified = "2025-07-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/NitrogenLoader.yar#L1-L35" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/NitrogenLoader.yar#L1-L35" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "4aab353aacc8f6910884e722f2d57439891680963accb906c2cee245437732c6" score = 75 quality = 68 
@@ -63479,8 +63479,8 @@ rule CAPE_Ryuk : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Ryuk.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Ryuk.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "b4463993d8956e402b927a3dcfa2ca9693a959908187f720372f2d3a40e6db0c" score = 75 quality = 70 @@ -63505,8 +63505,8 @@ rule CAPE_Oyster date = "2024-05-30" modified = "2024-05-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Oyster.yar#L1-L19" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Oyster.yar#L1-L19" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "8bae0fa9f589cd434a689eebd7a1fde949cc09e6a65e1b56bb620998246a1650" logic_hash = "23ab1518712dbce8319b87785d7ffc0c2b61de82c2bbf533ebf0aae39ec33540" score = 75 
@@ -63536,8 +63536,8 @@ rule CAPE_Gootkit : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Gootkit.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Gootkit.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "26704b6b0adca51933fc9d5e097930320768fd0e9355dcefc725aee7775316e7" score = 75 quality = 70 @@ -63559,8 +63559,8 @@ rule CAPE_Mole : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Mole.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Mole.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "8be4d190d554a610360c0e04b33da59eb00319395e5b2000d580546ce6503786" score = 75 quality = 70 
@@ -63584,8 +63584,8 @@ rule CAPE_Pikabotloader : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/PikaBot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/PikaBot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "7e5f1f2911545ee6bd36b54f2627fbdec1b957f4b91df901dd1c6cbd4dff0231" score = 75 quality = 70 @@ -63609,8 +63609,8 @@ rule CAPE_Pikabot : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/PikaBot.yar#L15-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/PikaBot.yar#L15-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "ed07217c373831a9a67d914854154988696e6fcea70dedabf333385f0e7bb8b7" score = 75 quality = 70 
@@ -63635,8 +63635,8 @@ rule CAPE_Pik23 : FILE date = "2024-03-13" modified = "2024-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/PikaBot.yar#L30-L44" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/PikaBot.yar#L30-L44" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "59f42ecde152f78731e54ea27e761bba748c9309a6ad1c2fd17f0e8b90f8aed1" logic_hash = "71a71df2f2a075294941c54eed06cafaaa4d3294e45b3a0098c1cffddd0438bc" score = 75 @@ -63662,8 +63662,8 @@ rule CAPE_Codoso : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Codoso.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Codoso.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "32c9ed2ac29e8905266977a9ee573a252442d96fb9ec97d88642180deceec3f8" score = 75 quality = 70 
@@ -63687,8 +63687,8 @@ rule CAPE_Nanolocker : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/NanoLocker.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/NanoLocker.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "fe6c8a4e259c3c526f8f50771251f6762b2b92a4df2e8bfc705f282489f757db" score = 75 quality = 70 @@ -63703,6 +63703,32 @@ rule CAPE_Nanolocker : FILE condition: uint16( 0 ) == 0x5A4D and ( all of ( $a* ) ) } +rule CAPE_Vipkeylogger : FILE +{ + meta: + description = "Detects VIPKeyLogger Keylogger" + author = "kevoreilly" + id = "71606fcc-89b4-519a-833a-b6cb4b569cb8" + date = "2025-09-11" + modified = "2025-09-11" + reference = "https://github.com/kevoreilly/CAPEv2" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/VIPKeyLogger.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" + logic_hash = "b9dba7562bba4807c0789692d44650996e62c8d0c4031dedd65773877621b1de" + score = 75 + quality = 70 + tags = "FILE" + cape_type = "VIPKeyLogger Payload" + packed = "edaba79c3d43a416a86003f336d879ed3a513aa24dd401340584615647ed6da2" + + strings: + $s1 = "/ VIP Recovery \\" wide + $s2 = "Clipboard Logs ID" wide + $s3 = "Keylogger" wide + + condition: + uint16( 0 ) == 0x5a4d and all of them +} rule CAPE_Blackdropper { meta: 
@@ -63712,8 +63738,8 @@ rule CAPE_Blackdropper date = "2024-10-22" modified = "2024-10-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/BlackDropper.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/BlackDropper.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "f8026ae3237bdd885e5fcaceb86bcab4087d8857e50ba472ca79ce44c12bc257" logic_hash = "c7f7bc740d413b479ebe45611ddfc04f7e4f2978516b2882069b2569c7acdf28" score = 75 @@ -63741,8 +63767,8 @@ rule CAPE_Amatera : FILE date = "2025-06-19" modified = "2025-06-19" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Amatera.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Amatera.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "35eb93548a0c037d392f870c05e0e9fb1aeff3a5a505e1d4a087f7465ed1f6af" logic_hash = "1c02f04846568b85acbd4101b2e944dc824179f7cff1bceaec1c657939b610d5" score = 75 
@@ -63767,8 +63793,8 @@ rule CAPE_Zloader : FILE date = "2025-04-07" modified = "2025-04-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Zloader.yar#L1-L18" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Zloader.yar#L1-L18" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "adbd0c7096a7373be82dd03df1aae61cb39e0a155c00bbb9c67abc01d48718aa" logic_hash = "525670973b67aac048199529c97d6be00b0a8cca9bc90deb647366d92a5ea540" score = 75 @@ -63797,8 +63823,8 @@ rule CAPE_Zerot : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/ZeroT.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/ZeroT.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "f60ae25ac3cd741b8bdc5100b5d3c474b5d9fbe8be88bfd184994bae106c3803" score = 75 quality = 68 
@@ -63824,8 +63850,8 @@ rule CAPE_Jaff : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Jaff.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Jaff.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "6806a5eeee04b7436ff694addc334bfc0f1ee611116904d57be9506acfd47418" score = 75 quality = 70 @@ -63850,8 +63876,8 @@ rule CAPE_Azer : FILE date = "2019-10-30" modified = "2019-10-30" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Azer.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Azer.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "48bd4a4e071f10d1911c4173a0cd39c69fed7a3b29eb92beffe709899f4cefa5" score = 75 quality = 70 
@@ -63875,8 +63901,8 @@ rule CAPE_Squirrelwaffle : FILE date = "2021-10-13" modified = "2021-10-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/SquirrelWaffle.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/SquirrelWaffle.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "5f799333398421d537ec7a87ca94f6cc9cf1e53e55b353036a5132440990e500" score = 75 quality = 70 @@ -63899,8 +63925,8 @@ rule CAPE_Petrwrap : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/PetrWrap.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/PetrWrap.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "6dd1cf5639b63d0ab41b24080dad68d285f2e3969ad34fd724c83e7a0dd4b968" score = 75 quality = 70 
@@ -63925,8 +63951,8 @@ rule CAPE_Qakbot5 : FILE date = "2024-04-28" modified = "2024-04-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/QakBot.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/QakBot.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "59559e97962e40a15adb2237c4d01cfead03623aff1725616caeaa5a8d273a35" logic_hash = "cc23a92f45619d44af824128b743c259dd9dfa7cb5106932f3425f3dfd1dccdf" score = 75 @@ -63952,8 +63978,8 @@ rule CAPE_Qakbot4 : FILE date = "2024-04-28" modified = "2024-04-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/QakBot.yar#L17-L35" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/QakBot.yar#L17-L35" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "b2870e33abffbb3ff49b7891b0f5c538ab48ee63da5553929d4e37dec921344f" score = 75 quality = 70 
@@ -63983,8 +64009,8 @@ rule CAPE_Locky : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/CAPE/Locky.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/CAPE/Locky.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "9786c54a2644d9581fefe64be11b26e22806398e54e961fa4f19d26eae039cd7" score = 75 quality = 70 @@ -64008,8 +64034,8 @@ rule CAPE_Themida : FILE date = "2024-09-11" modified = "2024-09-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/data/yara/binaries/Themida.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/data/yara/binaries/Themida.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "c4f1e01a3fe3cb66062ce03253bfe9edc09dc6f1a77db99b281106e8ceff9257" score = 75 quality = 70 
@@ -64031,8 +64057,8 @@ rule CAPE_Blister_1 : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Blister.yar#L1-L17" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Blister.yar#L1-L17" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "aba379b93c85241cf250829832b2c8a5eaafb3abd0ff955dbaf0d06489c00deb" score = 75 quality = 70 @@ -64060,8 +64086,8 @@ rule CAPE_Slowloader date = "2024-09-23" modified = "2024-09-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/SlowLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/SlowLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "f07528c646ebd980a5e843caa4a4715e31b22c3cd091576600e9fe45d7fc2fe4" score = 75 quality = 70 
@@ -64084,8 +64110,8 @@ rule CAPE_Vbcrypter date = "2021-03-28" modified = "2021-03-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/VBCrypter.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/VBCrypter.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "a62bca62ab624ab1a2c2e612c5b7e6d543006026a49c07c46800499e31e41c4e" score = 75 quality = 70 @@ -64107,8 +64133,8 @@ rule CAPE_Pikahook : FILE date = "2024-03-12" modified = "2024-03-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Pikabot.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Pikabot.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "2a50a5f2d905122a5b7ac8ca3666b47caa24d325e246841129e53807daf2a1dd" score = 75 quality = 70 
@@ -64133,8 +64159,8 @@ rule CAPE_Pikexport : FILE date = "2024-03-12" modified = "2024-03-12" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Pikabot.yar#L16-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Pikabot.yar#L16-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "238dcc5611ed9066b63d2d0109c9b623f54f8d7b61d5f9de59694cfc60a4e646" logic_hash = "33f58703a0e40c2361343dbdcc17111aafbf5cc912393edda79005c6ec566f42" score = 75 @@ -64158,8 +64184,8 @@ rule CAPE_Risepro : FILE date = "2023-12-16" modified = "2023-12-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/RisePro.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/RisePro.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "1b69a1dd5961241b926605f0a015fa17149c3b2759fb077a30a22d4ddcc273f6" logic_hash = "055ca8328923b91f93c116e4a856366356fa11155f4e9fde95da31129b51386a" score = 75 
@@ -64184,8 +64210,8 @@ rule CAPE_Icedidsyscallwritemem : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/IcedID.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/IcedID.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "6b068106b038e9efeb9057cadf314d400c1ada1a1cc70336d3272da3a212c993" score = 75 quality = 70 @@ -64209,8 +64235,8 @@ rule CAPE_Icedidhook date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/IcedID.yar#L15-L25" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/IcedID.yar#L15-L25" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "fd62e0ed6f2a18472fa9336daee0e8a3a55e21779a8385394e85f96da928e24f" score = 75 quality = 70 
@@ -64232,8 +64258,8 @@ rule CAPE_Icedidpackera : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/IcedID.yar#L27-L40" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/IcedID.yar#L27-L40" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "fbad60002286599ca06d0ecb3624740efbf13ee5fda545341b3e0bf4d5348cfe" logic_hash = "aa0681e7794546355e6d61f739c49035a493cdfca7e666531d74e3835ec44408" score = 75 @@ -64258,8 +64284,8 @@ rule CAPE_Icedidpackerb : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/IcedID.yar#L42-L56" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/IcedID.yar#L42-L56" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "6517ef2c579002ec62ddeb01a3175917c75d79ceca355c415a4462922c715cb6" logic_hash = "fde1e2c0124d180b2fa3d0675b35e8d78fdd7b06cd27e9228c148aa29ce30ee7" score = 75 
@@ -64284,8 +64310,8 @@ rule CAPE_Icedidpackerc : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/IcedID.yar#L58-L71" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/IcedID.yar#L58-L71" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "c06805b6efd482c1a671ec60c1469e47772c8937ec0496f74e987276fa9020a5" hash = "265c1857ac7c20432f36e3967511f1be0b84b1c52e4867889e367c0b5828a844" logic_hash = "f1e75e380ab0947fdfda012b7a5077a1c2ef51163239846ab2dc29cac95ba166" @@ -64310,8 +64336,8 @@ rule CAPE_Icedidpackerd : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/IcedID.yar#L73-L86" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/IcedID.yar#L73-L86" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "7b226f8cc05fa7d846c52eb0ec386ab37f9bae04372372509daa6bacc9f885d8" logic_hash = "6685e0246f5a11ce0ca33447837de06506b447a5f8591423e2b76f2ab0274dc7" score = 75 
@@ -64336,8 +64362,8 @@ rule CAPE_Icedsleep : FILE date = "2023-11-28" modified = "2023-11-28" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/IcedID.yar#L88-L99" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/IcedID.yar#L88-L99" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "0b1a8be95b1b8a3b066837f9e47561ee8202d741b39d64e626c0461c2fbf7c70" score = 75 quality = 70 @@ -64360,8 +64386,8 @@ rule CAPE_Gettickcountantivm date = "2022-02-25" modified = "2022-02-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/GetTickCountAntiVM.yar#L1-L20" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "662bc7839ed7ddd82d5fdafa29fafd9a9ec299c28820fe4104fbba9be1a09c42" hash = "00f1537b13933762e1146e41f3bac668123fac7eacd0aa1f7be0aa37a91ef3ce" hash = "549bca48d0bac94b6a1e6eb36647cd007fed5c0e75a0e4aa315ceabdafe46541" 
@@ -64392,8 +64418,8 @@ rule CAPE_Latrodectus_1 : FILE date = "2024-02-26" modified = "2024-02-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Latrodectus.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Latrodectus.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "378d220bc863a527c2bca204daba36f10358e058df49ef088f8b1045604d9d05" logic_hash = "c2c9f23e287253d766425c05eb774f6e07bdcbabc259e04b723a1a87c8b91fbd" score = 75 @@ -64416,8 +64442,8 @@ rule CAPE_Buerloader_1 : FILE date = "2021-03-13" modified = "2021-03-13" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/BuerLoader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/BuerLoader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "6f9f9b4c01251c0643c61701084cca2bdfeea08ca95f982355565cf05483d940" score = 75 quality = 70 
@@ -64439,8 +64465,8 @@ rule CAPE_Dridexloader_1 : FILE date = "2021-03-09" modified = "2021-03-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/DridexLoader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/DridexLoader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "00a3e4e80a2558ee52035f091e2339fa2dad6f6515b9dc099f2f3800e4c70bce" score = 75 quality = 70 @@ -64462,8 +64488,8 @@ rule CAPE_Smokeloader_1 : FILE date = "2023-02-06" modified = "2023-02-06" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/SmokeLoader.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "4b15162f4b754cdd6a9124f29f0fd979085734063a0b17f2a97a9750f29e2e0b" score = 75 quality = 70 
@@ -64485,8 +64511,8 @@ rule CAPE_Lumma_1 : FILE date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Lumma.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Lumma.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "a8f9212b619796f91f14c4164e4d2f30c66b51118f22f3d6c310841b6707b7b0" score = 75 quality = 70 @@ -64511,8 +64537,8 @@ rule CAPE_Lummaremap date = "2024-05-09" modified = "2024-05-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Lumma.yar#L16-L27" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Lumma.yar#L16-L27" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "51093379fbd041f75bdfe161bc9dfcc7d782c23ce16d625ca558bb58d8d57713" score = 75 quality = 70 
@@ -64535,8 +64561,8 @@ rule CAPE_Ursnifv3_1 date = "2023-03-23" modified = "2023-03-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/UrsnifV3.yar#L1-L16" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "d679546e37ee58087fce75920b2ce4e6d2b9ae55fb1ef80d14ec14309396757c" score = 75 quality = 70 @@ -64563,8 +64589,8 @@ rule CAPE_Rhadamanthys_1 date = "2023-04-18" modified = "2023-04-18" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Rhadamanthys.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "3c8fbfe14f81e099fc900023d9c856e3f45b99af38889ed952b2ac67a636f51d" score = 75 quality = 70 
@@ -64589,8 +64615,8 @@ rule CAPE_Privateloader date = "2024-10-04" modified = "2024-10-04" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/PrivateLoader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "204a86bb3743f19fed0fe55ff5ccd716661f7f315b5966a29e434ccb3e160526" score = 75 quality = 70 @@ -64613,8 +64639,8 @@ rule CAPE_Singlestepantihook date = "2021-08-26" modified = "2021-08-26" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/SingleStepAntiHook.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "fc9f36b0ecc13192fe8b6caaff256ac52c1f14480223d629a38ba84e90dd0809" score = 75 quality = 70 
@@ -64636,8 +64662,8 @@ rule CAPE_Heavenssyscall : FILE date = "2024-03-25" modified = "2024-03-25" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/HeavensSyscall.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "aeb981fcba0936ff8b1be4c601445fd45e5d3b74856a9439d351edd57f5a50c3" score = 75 quality = 70 @@ -64661,8 +64687,8 @@ rule CAPE_Emotetpacker : FILE date = "2022-06-09" modified = "2022-06-09" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/EmotetPacker.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "5a95d1d87ce69881b58a0e3aafc1929861e2633cdd960021d7b23e2a36409e0d" logic_hash = "5f27d9d18884f7e0805f69960869b332c1577bf8be8ac103285e8bf98cda0ffd" score = 75 
@@ -64686,8 +64712,8 @@ rule CAPE_Modiloader : FILE date = "2025-01-31" modified = "2025-01-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/ModiLoader.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/ModiLoader.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "1f0cbf841a6bc18d632e0bc3c591266e77c99a7717a15fc4b84d3e936605761f" logic_hash = "9e64e0c40192cc832a1ffa7b3ac65a704596af82515d03706cd7aa1f4498f32f" score = 75 @@ -64711,8 +64737,8 @@ rule CAPE_Modiloaderold : FILE date = "2025-01-31" modified = "2025-01-31" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/ModiLoader.yar#L15-L53" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/ModiLoader.yar#L15-L53" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "fc006377e6d41515503b0b234ff87f59d930a7d9f8b32d2e072de79b9c52ddc4" score = 75 quality = 66 
@@ -64756,8 +64782,8 @@ rule CAPE_Bumblebeeshellcode_1 date = "2023-02-08" modified = "2023-02-08" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/BumbleBee.yar#L18-L32" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/BumbleBee.yar#L18-L32" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "865510868ee7c089c2ada0645098e851ca2bb9084a74315ce16296eb19c93ab4" score = 75 quality = 70 @@ -64783,8 +64809,8 @@ rule CAPE_Darkgateloader date = "2025-04-07" modified = "2025-04-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/DarkGateLoader.yar#L1-L15" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "00692123615d2f7eaf8aea07754fc9439cf58e1fb8eb4f44f0428b362f27e794" score = 75 quality = 70 
@@ -64810,8 +64836,8 @@ rule CAPE_Stealcanti : FILE date = "2025-09-01" modified = "2025-09-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Stealc.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Stealc.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "77d6f1914af6caf909fa2a246fcec05f500f79dd56e5d0d466d55924695c702d" logic_hash = "4132e8094b0b49a89e9f40a8b1a6abbf105bbb04e4ddf3ce739e39fc2baf0d13" score = 75 @@ -64835,8 +64861,8 @@ rule CAPE_Stealcstrings : FILE date = "2025-09-01" modified = "2025-09-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Stealc.yar#L15-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Stealc.yar#L15-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "6d402446a979c00b6257ace9924db381d98c530b22968bd2776c66d58c7faefc" score = 75 quality = 70 
@@ -64859,8 +64885,8 @@ rule CAPE_Stealcv2Strings : FILE date = "2025-09-01" modified = "2025-09-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Stealc.yar#L28-L43" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Stealc.yar#L28-L43" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "923f70edb3ad70957576994008729bf7a087479eed1973c42161aa96fa694baa" score = 75 quality = 70 @@ -64887,8 +64913,8 @@ rule CAPE_Stealcv2Datecheck : FILE date = "2025-09-01" modified = "2025-09-01" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Stealc.yar#L45-L56" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Stealc.yar#L45-L56" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "f074aceb7c111156752891acac8690c00dad7c26240fb0752cc12a9a65aa3d30" score = 75 quality = 70 
@@ -64911,8 +64937,8 @@ rule CAPE_Anticuckoo : FILE date = "2023-03-17" modified = "2023-03-17" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/AntiCuckoo.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "ad5e52f144bb4a1dae3090978c6ecb4c7732538c9b62a6cedd32eccee6094be5" logic_hash = "a039aeca2dae44980e8bffafacfda90975e107001be50f11ac916b35ad43592e" score = 75 @@ -64935,8 +64961,8 @@ rule CAPE_Guloaderprecursor : FILE date = "2023-10-02" modified = "2023-10-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Guloader.yar#L17-L28" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Guloader.yar#L17-L28" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "ea05c352739366a03da302074b01537382ba26f7fd5049004f156e47d284f070" score = 75 quality = 70 
@@ -64959,8 +64985,8 @@ rule CAPE_Aurastealerbypass date = "2025-09-02" modified = "2025-09-02" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/AuraStealer.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/AuraStealer.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "ae174c96c262b1734c58bd6c5f7112221b08596c180612e4970acada35dbd070" score = 75 quality = 70 @@ -64985,8 +65011,8 @@ rule CAPE_Formhooka date = "2025-07-16" modified = "2025-07-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Formbook.yar#L1-L14" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Formbook.yar#L1-L14" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "21b8101a7039cfad0e9d49cc1f055bc23a2eb4c973dcda2a81a007e452d77a6d" score = 75 quality = 70 
@@ -65011,8 +65037,8 @@ rule CAPE_Formconfa date = "2025-07-16" modified = "2025-07-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Formbook.yar#L32-L44" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Formbook.yar#L32-L44" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "b0aa4cec55a21245d8104380c531dd6cc0fdef64fbefd79616eadfb4e95b2d75" score = 75 quality = 70 @@ -65036,8 +65062,8 @@ rule CAPE_Formhelper date = "2025-07-16" modified = "2025-07-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Formbook.yar#L46-L58" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Formbook.yar#L46-L58" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "77cdfc94aac089c4f2590f4afbab35351fc6e104e67813548c68c59d27019a63" score = 75 quality = 70 
@@ -65061,8 +65087,8 @@ rule CAPE_Formconfb date = "2025-07-16" modified = "2025-07-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Formbook.yar#L60-L75" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Formbook.yar#L60-L75" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "bb8f54220394420e698b5eac9276c3d0ab03148808cfb9e98feb56437ce2a5a7" score = 75 quality = 70 @@ -65089,8 +65115,8 @@ rule CAPE_Bruteratelsyscall date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/BruteRatel.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/BruteRatel.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "5ed054b3cd5d2659c250945d55d6adac90945963c34ad2af0f8d7436141e86b6" score = 75 quality = 70 
@@ -65113,8 +65139,8 @@ rule CAPE_Bruteratelpacker date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/BruteRatel.yar#L14-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/BruteRatel.yar#L14-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "2ccb17efe378d034df34d20d7580c58171d0fd11c18fef6c9a23f1ba238514e6" score = 75 quality = 70 @@ -65138,8 +65164,8 @@ rule CAPE_Bruterateldate date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/BruteRatel.yar#L28-L39" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/BruteRatel.yar#L28-L39" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "88589b2d08aea03565668ff1b9af20b6fe11cda50d867c60db7cb4d1826b0fd7" score = 75 quality = 70 
@@ -65162,8 +65188,8 @@ rule CAPE_Bruteratelconfig date = "2024-07-22" modified = "2024-07-22" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/BruteRatel.yar#L41-L51" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/BruteRatel.yar#L41-L51" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "b1815aafec940ab6c8daafc68ccf294845221ada260de5209dcb7e49ccd061c7" score = 75 quality = 70 @@ -65185,8 +65211,8 @@ rule CAPE_Agentteslav3Jit date = "2024-02-27" modified = "2024-02-27" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/AgentTesla.yar#L16-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/AgentTesla.yar#L16-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "62a49cf4295df637f96ba7c127cfc4aeb9af2fcced497fdf34d726a062edc1ec" score = 75 quality = 70 
@@ -65208,8 +65234,8 @@ rule CAPE_Loadersyscall date = "2025-07-23" modified = "2025-07-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/NitrogenLoader.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "3c7ffd8b95032cffecff7fa7e5f5f561cce13e1109f6a9b30bc743642b495e45" score = 75 quality = 70 @@ -65233,8 +65259,8 @@ rule CAPE_Nitrogenloaderaes date = "2025-07-23" modified = "2025-07-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/NitrogenLoader.yar#L15-L27" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "de8ed0e98948cfadfd579e334fd9ce9f777ddbd988de897529ba71cb5eb2d396" score = 75 quality = 70 
@@ -65258,8 +65284,8 @@ rule CAPE_Nitrogenloaderbypass date = "2025-07-23" modified = "2025-07-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/NitrogenLoader.yar#L29-L41" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "3a034d3ddd18723ea1f91814c8c2a2c47a749dfd1496a5d4777d8ff8bfab3457" score = 75 quality = 70 @@ -65283,8 +65309,8 @@ rule CAPE_Nitrogenloaderconfig date = "2025-07-23" modified = "2025-07-23" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/NitrogenLoader.yar#L43-L66" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/NitrogenLoader.yar#L43-L66" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "06d49ebf3f67476c83a77734dff0245a51027a35d92e5af07bb9146db5b156ca" score = 75 quality = 70 
@@ -65319,8 +65345,8 @@ rule CAPE_Xworm_1 date = "2023-11-07" modified = "2023-11-07" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/XWorm.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/XWorm.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "d8e103f3470e83d71cd4992b74698c0721b8a69d764fdb7a4543997b2853014a" score = 75 quality = 70 @@ -65342,8 +65368,8 @@ rule CAPE_Rdtscpantivm date = "2021-12-11" modified = "2021-12-11" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/RdtscpAntiVM.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "be0f9b52fb630730a38160f4ad2d50b6b4bea5edd82e3ea4d1e257cf7b090910" score = 75 quality = 70 
@@ -65365,8 +65391,8 @@ rule CAPE_Mysterysnail date = "2021-10-16" modified = "2021-10-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/MysterySnail.yar#L1-L11" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/MysterySnail.yar#L1-L11" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "9402dbbbfdd286e2309ee83fc08194f70f73657a3a4e3785dfbcb564dbee86a8" score = 75 quality = 70 @@ -65388,8 +65414,8 @@ rule CAPE_Zloader_1 : FILE date = "2024-05-03" modified = "2024-05-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Zloader.yar#L1-L12" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Zloader.yar#L1-L12" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "319adca805083c7f5854fe840447cf961addbd748f1f25eb8ec8cdeed7af38aa" score = 75 quality = 70 
@@ -65412,8 +65438,8 @@ rule CAPE_Zloader_2024 : FILE date = "2024-05-03" modified = "2024-05-03" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/Zloader.yar#L14-L26" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/Zloader.yar#L14-L26" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "38d555ef5f613cf7ca043697c479100a7a22e7f043acf8b6a46f8009eb92fd7e" score = 75 quality = 70 @@ -65437,8 +65463,8 @@ rule CAPE_Qakbot5_1 : FILE date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/QakBot.yar#L1-L13" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/QakBot.yar#L1-L13" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "303ea2d8d1a7f0fd0ca5508dae2c1b83c03b1e3e975760f15d36d93bcc152767" score = 75 quality = 70 
@@ -65462,8 +65488,8 @@ rule CAPE_Qakbot4_1 : FILE date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/QakBot.yar#L15-L29" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/QakBot.yar#L15-L29" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" logic_hash = "ad75b07b9b786f634fd46cbe6dc089d3f732673320e70714e8ab058f0392c9f5" score = 75 quality = 70 @@ -65489,8 +65515,8 @@ rule CAPE_Qakbotloader : FILE date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/QakBot.yar#L31-L46" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/QakBot.yar#L31-L46" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "6f99171c95a8ed5d056eeb9234dbbee123a6f95f481ad0e0a966abd2844f0e1a" logic_hash = "00869c0a9bf62cde3f46ca915b0ef689557b09dc58d6de34609e3998abfa7e98" score = 75 
@@ -65517,8 +65543,8 @@ rule CAPE_Qakbotantivm date = "2024-02-16" modified = "2024-02-16" reference = "https://github.com/kevoreilly/CAPEv2" - source_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/analyzer/windows/data/yara/QakBot.yar#L48-L59" - license_url = "https://github.com/kevoreilly/CAPEv2/blob/cfc97e71ad538366f5d87d36a0116c27dcc72988/LICENSE" + source_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/analyzer/windows/data/yara/QakBot.yar#L48-L59" + license_url = "https://github.com/kevoreilly/CAPEv2/blob/4612c4699b865d0f60d8379b7bed86e53ab3bec8/LICENSE" hash = "e269497ce458b21c8427b3f6f6594a25d583490930af2d3395cb013b20d08ff7" logic_hash = "20f1cd28f38945a3aa328e77e78525fb1ffc47ecf54d5a40c2f18264c3973989" score = 75 @@ -65536,7 +65562,7 @@ rule CAPE_Qakbotantivm * YARA Rule Set * Repository Name: BinaryAlert * Repository: https://github.com/airbnb/binaryalert/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: a9c0f06affc35e1f8e45bb77f835b92350c68a0b * Number of Rules: 78 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -67947,10 +67973,10 @@ rule BINARYALERT_Hacktool_Windows_Moyix_Creddump * YARA Rule Set * Repository Name: DeadBits * Repository: https://github.com/deadbits/yara-rules/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: d002f7ecee23e09142a3ac3e79c84f71dda3f001 - * Number of Rules: 18 - * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance) + * Number of Rules: 19 + * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) * * * LICENSE @@ -68117,7 +68143,7 @@ rule DEADBITS_Crescentcore_DMG : INSTALLER MACOSMALWARE FILE license_url = "N/A" logic_hash = "819f01fdacea1e95f0f4d4f8e59ebae97ff9489a1be2c60e33253580a8f9e418" score = 75 - quality = 26 + quality = 51 tags = "INSTALLER, MACOSMALWARE, FILE" Author = "Adam M. Swanda" 
@@ -68307,7 +68333,7 @@ rule DEADBITS_Jsworm : MALWARE FILE license_url = "N/A" logic_hash = "99074e25ec15c5b25fa41bef19203f5ddc227acd51fadca1e2c3ece538b3da01" score = 75 - quality = 53 + quality = 78 tags = "MALWARE, FILE" strings: @@ -68411,7 +68437,7 @@ rule DEADBITS_Acbackdoor_ELF : LINUX MALWARE BACKDOOR description = "No description has been set in the source file - DeadBits" author = "Adam M. Swanda" id = "82eb41bf-cd1d-5b00-973b-31a79c75cfc0" - date = "2019-11-07" + date = "2019-11-21" modified = "2019-12-04" reference = "https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/" source_url = "https://github.com/deadbits/yara-rules//blob/d002f7ecee23e09142a3ac3e79c84f71dda3f001/rules/ACBackdoor_Linux.yara#L1-L41" 
@@ -68445,6 +68471,51 @@ rule DEADBITS_Acbackdoor_ELF : LINUX MALWARE BACKDOOR condition: ( uint32be( 0x0 ) == 0x7f454c46 ) and ( ( $ua_str and all of ( $header* ) and $initd and all of ( $rcd* ) ) or ( $ua_str and all of ( $header* ) and 10 of ( $str* ) ) ) } +rule DEADBITS_Godlua_Linux : LINUXMALWARE FILE +{ + meta: + description = "No description has been set in the source file - DeadBits" + author = "Adam Swanda" + id = "1a05c88a-8199-5c6d-9352-9ef60df40078" + date = "2019-07-18" + modified = "2019-07-22" + reference = "https://github.com/deadbits/yara-rules" + source_url = "https://github.com/deadbits/yara-rules//blob/d002f7ecee23e09142a3ac3e79c84f71dda3f001/rules/godlua_linux.yara#L1-L57" + license_url = "N/A" + logic_hash = "70a8078f261648f050807e82009493e39fa32c0748576b3df76d8aaaa117103e" + score = 75 + quality = 51 + tags = "LINUXMALWARE, FILE" + Author = "Adam M. Swanda" + + strings: + $tmp0 = "/tmp" ascii fullword + $tmp1 = "TMPDIR" ascii + $str1 = "\"description\": \"" ascii fullword + $str2 = "searchers" ascii fullword + $str3 = "/dev/misc/watchdog" ascii fullword + $str4 = "/dev/wdt" ascii fullword + $str5 = "/dev/misc/wdt" + $str6 = "lcurl.safe" ascii fullword + $str7 = "luachild" ascii fullword + $str8 = "cjson.safe" ascii fullword + $str9 = "HostUrl" ascii fullword + $str10 = "HostConnect" ascii fullword + $str11 = "LUABOX" ascii fullword + $str12 = "Infinity" ascii fullword + $str13 = "/bin/sh" ascii fullword + $str14 = /\.onion(\.)?/ ascii fullword + $str15 = "/etc/resolv.conf" ascii fullword + $str16 = "hosts:" ascii fullword + $resolvers = /([0-9]{1,3}\.){3}[0-9]{1,3}:53,([0-9]{1,3}\.){3}[0-9]{1,3},([0-9]{1,3}\.){3}[0-9]{1,3}:5353,([0-9]{1,3}\.){3}[0-9]{1,3}:443/ ascii + $identifier0 = "$LuaVersion: God " ascii + $identifier1 = /fbi\/d\.\/d.\/d/ ascii + $identifier2 = "Copyright (C) FBI Systems, 2012-2019, https://fbi.gov" fullword ascii + $identifier3 = "God 5.1" + + condition: + uint16( 0 ) == 0x457f and ( all of them or ( any of ( 
$identifier* ) and $resolvers and any of ( $tmp* ) and 4 of ( $str* ) ) or ( any of ( $identifier* ) and any of ( $tmp* ) and 4 of ( $str* ) ) ) +} rule DEADBITS_TA505_Flowerpippi : TA505 FINANCIAL BACKDOOR WINMALWARE FILE { meta: @@ -68563,7 +68634,7 @@ rule DEADBITS_Watchdog_Botnet : BOTNET LINUXMALWARE EXPLOITATION CVE_2019_11581 license_url = "N/A" logic_hash = "aea8afdf118b79f701941ddd4306ee0f1c947ea59de5485ff977beff95e06d35" score = 75 - quality = 53 + quality = 78 tags = "BOTNET, LINUXMALWARE, EXPLOITATION, CVE_2019_11581, CVE_2019_10149" Author = "Adam M. Swanda" @@ -68614,7 +68685,7 @@ rule DEADBITS_KPOT_V2 : WINMALWARE INFOSTEALER FILE license_url = "N/A" logic_hash = "dc8cce2ae3a427f771b19b4d0e027b653ff03a7bf816303460398987535c5351" score = 75 - quality = 55 + quality = 80 tags = "WINMALWARE, INFOSTEALER, FILE" Description = "Attempts to detect KPOT version 2 payloads" Author = "Adam M. Swanda" @@ -68755,7 +68826,7 @@ rule DEADBITS_Dnspionage : APT DNSCHANGER FILE * YARA Rule Set * Repository Name: DelivrTo * Repository: https://github.com/delivr-to/detections - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: f85e1d0c477cbf4689d1cfe4a80049c465673b23 * Number of Rules: 13 * Skipped: 0 (age), 2 (quality), 0 (score), 0 (importance) @@ -68942,7 +69013,7 @@ rule DELIVRTO_SUSP_ZPAQ_Archive_Nov23 : FILE license_url = "N/A" logic_hash = "348144ee7137def00b37e074507e8148e51d34c484802a56bcd6e090d4628f18" score = 40 - quality = 55 + quality = 80 tags = "FILE" strings: @@ -69074,8 +69145,8 @@ rule DELIVRTO_SUSP_Onenote_Win_Script_Encoding_Feb23 : FILE * YARA Rule Set * Repository Name: ESET * Repository: https://github.com/eset/malware-ioc - * Retrieval Date: 2025-09-07 - * Git Commit: 1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13 + * Retrieval Date: 2025-09-21 + * Git Commit: ce59e9b9aa3b50c66675392b71a93c4854de8c2b * Number of Rules: 99 * Skipped: 0 (age), 8 (quality), 1 (score), 0 (importance) * 
@@ -69116,8 +69187,8 @@ private rule ESET_Invisimole_Blob_PRIVATE date = "2021-05-17" modified = "2021-05-17" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/invisimole/invisimole.yar#L34-L52" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/invisimole/invisimole.yar#L34-L52" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "8bddaf874da58fbe6362498f8979b511f39531fe2b98d4be8c099bdafb6d0067" score = 75 quality = 80 @@ -69144,8 +69215,8 @@ private rule ESET_Not_Ms_PRIVATE date = "2018-09-05" modified = "2018-09-05" reference = "https://github.com/eset/malware-ioc" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/turla/turla-outlook.yar#L34-L40" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/turla/turla-outlook.yar#L34-L40" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "71f492eaa80bee5e8cc5bec67b2a7fd6f5f71ee2594d9f531043747533c80443" score = 75 quality = 80 
@@ -69163,8 +69234,8 @@ private rule ESET_Potaosecondstage_PRIVATE date = "2015-07-30" modified = "2015-07-30" reference = "https://github.com/eset/malware-ioc" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/potao/PotaoNew.yara#L81-L95" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/potao/PotaoNew.yara#L81-L95" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "55f9fc2da09aa9c2e76725985c836f7b8ba5e0b69a9327fb911e8265b340b88c" score = 75 quality = 28 @@ -69190,8 +69261,8 @@ private rule ESET_Potaousb_PRIVATE date = "2015-07-30" modified = "2015-07-30" reference = "https://github.com/eset/malware-ioc" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/potao/PotaoNew.yara#L71-L80" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/potao/PotaoNew.yara#L71-L80" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "8f72afbf3b123ea3914b3eade267bd21f7435fbf9fbde4049ca2600513bb31d9" score = 75 quality = 28 
@@ -69214,8 +69285,8 @@ private rule ESET_Potaodll_PRIVATE date = "2015-07-30" modified = "2015-07-30" reference = "https://github.com/eset/malware-ioc" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/potao/PotaoNew.yara#L46-L70" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/potao/PotaoNew.yara#L46-L70" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "1d1154eb10cc70b3252e3ca4a85789e8605f2f3b7044f03ec960fd56ab81886a" score = 75 quality = 28 @@ -69252,8 +69323,8 @@ private rule ESET_Potaodecoy_PRIVATE date = "2015-07-30" modified = "2015-07-30" reference = "https://github.com/eset/malware-ioc" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/potao/PotaoNew.yara#L32-L45" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/potao/PotaoNew.yara#L32-L45" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "93cbe1d1545d1fb85b3218b68619e67a1dda80d5888d2685a04915b861dfce01" score = 75 quality = 28 
@@ -69280,8 +69351,8 @@ private rule ESET_Prikormkaearlyversion_PRIVATE date = "2019-08-28" modified = "2019-08-28" reference = "https://github.com/eset/malware-ioc" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/groundbait/prikormka.yar#L112-L128" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/groundbait/prikormka.yar#L112-L128" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "681c7fb322953da162c10b76e453aa8ace6673720012383e3cd5528b59b42de3" score = 75 quality = 28 @@ -69311,8 +69382,8 @@ private rule ESET_Prikormkamodule_PRIVATE date = "2019-08-28" modified = "2019-08-28" reference = "https://github.com/eset/malware-ioc" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/groundbait/prikormka.yar#L53-L110" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/groundbait/prikormka.yar#L53-L110" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "d5d7f1a46cbf9ff545c0fa840228d19ee7d45307078b4ae0b5a2fdf1c94d2978" score = 75 quality = 26 
@@ -69367,8 +69438,8 @@ private rule ESET_Prikormkadropper_PRIVATE date = "2019-08-28" modified = "2019-08-28" reference = "https://github.com/eset/malware-ioc" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/groundbait/prikormka.yar#L33-L51" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/groundbait/prikormka.yar#L33-L51" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "cf524cdf4ffeb5c9280c5c8e7fca524c41e1ce4f9bc46b1fc8cb8b50ea68ec39" score = 75 quality = 28 @@ -69399,8 +69470,8 @@ private rule ESET_IIS_Native_Module_PRIVATE : FILE date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L34-L92" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L34-L92" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "5a388dc3253df606e2648d1f9c018e6dde373bbddce66dba69b7aecdd95bac18" score = 75 quality = 55 
@@ -69466,8 +69537,8 @@ private rule ESET_Is_Elf_PRIVATE date = "2016-11-01" modified = "2016-11-01" reference = "https://github.com/eset/malware-ioc" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/moose/linux-moose.yar#L32-L39" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/moose/linux-moose.yar#L32-L39" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "2a3c9a875852cd3ce86d43b9e4a6ba786ecbae1f18bba73a3bef5b7e8ba67a3b" score = 75 quality = 80 @@ -69488,8 +69559,8 @@ rule ESET_Apt_Windows_TA410_Tendyron_Dropper date = "2020-12-09" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L34-L53" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L34-L53" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "45f7300a4b85624ad3fda5c73a24f53f53cb7990def4d84e04dcd8e5747f4f2e" score = 75 quality = 80 
@@ -69517,8 +69588,8 @@ rule ESET_Apt_Windows_TA410_Tendyron_Installer date = "2020-12-09" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L55-L73" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L55-L73" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "9c3afb924747614f27c31cf2c3d98f4932a9d11597a3ac94263bf93be02801da" score = 75 quality = 80 @@ -69545,8 +69616,8 @@ rule ESET_Apt_Windows_TA410_Tendyron_Downloader date = "2020-12-09" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L75-L107" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L75-L107" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "16030a78ae9af8783f5913644294ceff861c8264ead8ca99435032be6d7949ef" score = 75 quality = 80 
@@ -69578,8 +69649,8 @@ rule ESET_Apt_Windows_TA410_X4_Strings date = "2020-10-09" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L109-L125" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L109-L125" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "d4b2321a6d0eb0ca8d7c47596af2a45c22b3aef15d1832d64d6588a62cab312a" score = 75 quality = 74 @@ -69604,8 +69675,8 @@ rule ESET_Apt_Windows_TA410_X4_Hash_Values : FILE date = "2020-10-09" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L127-L149" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L127-L149" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "bcf3891ff888ca99af9aa0e239b29241ae819022607fb829c5731267add308ea" score = 75 quality = 80 
@@ -69635,8 +69706,8 @@ rule ESET_Apt_Windows_TA410_X4_Hash_Fct : FILE date = "2020-10-09" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L151-L187" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L151-L187" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "3b2d44cb7685a99e9aeb08f886f6876d43ee99d1e52e40705c3fa97ce3bfa9a0" score = 75 quality = 80 @@ -69668,8 +69739,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Decryption : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L189-L254" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L189-L254" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "016dca6be654fcd193acc481e6a998efbb77e7ebd09b26614422be1136dd02c0" score = 75 quality = 80 
@@ -69743,8 +69814,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Loader : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L256-L309" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L256-L309" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "98390dd664227ad747e5572771d12e7ebd2475d26db27e85508347ac6f44f3bf" score = 75 quality = 80 @@ -69807,8 +69878,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Strings : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L311-L331" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L311-L331" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "d17ed604e3691c20fe489f95197b7b802ec951ed13d538fa6643449485b326b2" score = 75 quality = 80 
@@ -69836,8 +69907,8 @@ rule ESET_Apt_Windows_TA410_Lookback_HTTP : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L333-L349" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L333-L349" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "0e777f56136cd11d62abdf4f120410d5fe9cd522cfc06afbf085414a96279bf7" score = 75 quality = 80 @@ -69861,8 +69932,8 @@ rule ESET_Apt_Windows_TA410_Lookback_Magic : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L351-L377" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L351-L377" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "442a08a77fd2db03e507c0d5a32b17ab4e5936a209f7af23ef3c33a4b9f3d0d5" score = 75 quality = 80 
@@ -69896,8 +69967,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Loader_Strings : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L379-L415" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L379-L415" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "3c90723e009ffe2603910566ac52a324256676ee3ff128d94427681010e10e8b" score = 75 quality = 78 @@ -69938,11 +70009,11 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Header_Decryption : FILE description = "Matches the function used to decrypt resources headers in TA410 FlowCloud" author = "ESET Research" id = "403c1845-bc25-5a49-8553-8a0be18d6970" - date = "2025-01-07" + date = "2025-01-21" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L417-L496" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L417-L496" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "74b6c42bf2de159b2b0a15637e6bd94069367e3000c887714d6e3b50aa3646be" score = 75 quality = 80 
@@ -69996,8 +70067,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Dll_Hijacking_Strings : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L498-L517" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L498-L517" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "e8082d4216364a12ba395f772b5caed94b3068d26a2b3a97ef711d61a82f65b3" score = 75 quality = 80 @@ -70025,8 +70096,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Malicious_Dll_Antianalysis : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L519-L552" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L519-L552" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "8f14352118d32a43c17f70bd753acc48bd314965f10ab97818e8a434bbda96d9" score = 75 quality = 80 
@@ -70059,8 +70130,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Pdb : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L554-L567" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L554-L567" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "ff95ab0f8e68efe612a6e0d70cebd8bf815d6b5e3877c098ac0761382dc310d6" score = 75 quality = 80 @@ -70080,8 +70151,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Shellcode_Decryption : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L569-L615" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L569-L615" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "939ffe6a41c957aa5d6c012484b2deab49a5e71a4b7e203a41c180f872803921" score = 75 quality = 80 
@@ -70119,8 +70190,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Fcclient_Strings : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L617-L639" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L617-L639" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "c05b7031a5aec1bcf29eca06c010c402edeb24a093a2043dbc21781dff22c7fe" score = 75 quality = 80 @@ -70150,8 +70221,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_Fcclientdll_Strings : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L641-L669" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L641-L669" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "3a93f58cf14b57a96157077ec14aa6fb181e3da80f4ba46c0379a58b67c08a0e" score = 75 quality = 80 
@@ -70187,8 +70258,8 @@ rule ESET_Apt_Windows_TA410_Rootkit_Strings : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L671-L697" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L671-L697" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "1d3ad63508c5e4bca32b9a44b738cb4a7384ccfa5704ce329260adb342ea4e60" score = 75 quality = 80 @@ -70223,8 +70294,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_V5_Resources : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L699-L720" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L699-L720" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "58f75dda53c6d4b3d88f464c452d855ac6dc88add5f4fba2641f52e7a1ae00ed" score = 75 quality = 80 
@@ -70245,8 +70316,8 @@ rule ESET_Apt_Windows_TA410_Flowcloud_V4_Resources : FILE date = "2021-10-12" modified = "2022-04-27" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/ta410/ta410.yar#L722-L741" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/ta410/ta410.yar#L722-L741" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "7b475cfddb5f995f7e8e3293b8e6ae59a9e36143998bc444499b5dce467f8e9d" score = 75 quality = 80 @@ -70266,8 +70337,8 @@ rule ESET_Moose_1 date = "2015-04-21" modified = "2016-11-01" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/moose/linux-moose.yar#L41-L76" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/moose/linux-moose.yar#L41-L76" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "8bedac80a1f754ce56294ba9786b62a002aacd074f756724401efc61def127e6" score = 75 quality = 30 
@@ -70311,8 +70382,8 @@ rule ESET_Moose_2 date = "2016-10-02" modified = "2016-11-01" reference = "http://www.welivesecurity.com/2016/11/02/linuxmoose-still-breathing/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/moose/linux-moose.yar#L78-L110" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/moose/linux-moose.yar#L78-L110" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "3f50d2d81d4c27e44d93804adcf93971017767ed0e020447cdb343931c2fbc43" score = 75 quality = 80 @@ -70354,8 +70425,8 @@ rule ESET_Cw_Windows_Redline_Panel_Tab_Headers : FILE date = "2022-10-11" modified = "2024-11-12" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/redline/redline.yar#L32-L55" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/redline/redline.yar#L32-L55" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "a154dfaedc237c047f419eb6884dab1ef4e2a17d" logic_hash = "3198aa9df2814a5f1d5568c6eed5f3189b2f72b3928cc97645f9bf57eebab9ac" score = 75 
@@ -70386,8 +70457,8 @@ rule ESET_Cw_Windows_Redline_Panel_Distinctive_Strings : FILE date = "2022-10-11" modified = "2024-11-12" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/redline/redline.yar#L57-L77" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/redline/redline.yar#L57-L77" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "a154dfaedc237c047f419eb6884dab1ef4e2a17d" logic_hash = "7ff0239426c4c3b46a269fad71232295c038c09f276cdc3c7f1142c830260a6d" score = 75 @@ -70414,8 +70485,8 @@ rule ESET_Cw_Windows_Redline_Panel_Prompts : FILE date = "2022-10-11" modified = "2024-11-12" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/redline/redline.yar#L79-L113" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/redline/redline.yar#L79-L113" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "a154dfaedc237c047f419eb6884dab1ef4e2a17d" logic_hash = "0dfab05a9383ba13b3c610f1ab0c81e95804470002f27171ab39706f7723983a" score = 75 
@@ -70457,8 +70528,8 @@ rule ESET_Cw_Windows_Redline_Panel_Status_Message_Strings : FILE date = "2022-10-11" modified = "2024-11-12" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/redline/redline.yar#L115-L142" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/redline/redline.yar#L115-L142" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "a154dfaedc237c047f419eb6884dab1ef4e2a17d" logic_hash = "c60fabc81967b083be72ff564af744ab60441de5d563ea6d88d873c0a99bfbdd" score = 75 @@ -70493,8 +70564,8 @@ rule ESET_Cw_Windows_Redline_Panel_Commands : FILE date = "2022-10-11" modified = "2024-11-12" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/redline/redline.yar#L144-L172" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/redline/redline.yar#L144-L172" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "a154dfaedc237c047f419eb6884dab1ef4e2a17d" logic_hash = "724516101264aa89259e847e4703d4eb993f330f82bd2df2433176b11d0c8974" score = 75 
@@ -70531,8 +70602,8 @@ rule ESET_Beds_Plugin date = "2017-07-17" modified = "2017-07-20" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/stantinko/stantinko.yar#L34-L51" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/stantinko/stantinko.yar#L34-L51" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "024cb91288f133e4cdf5993ac0477de6de76d38fa06f7affa348c6a28a4600da" score = 75 quality = 80 @@ -70555,8 +70626,8 @@ rule ESET_Beds_Dropper date = "2017-07-17" modified = "2017-07-20" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/stantinko/stantinko.yar#L53-L67" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/stantinko/stantinko.yar#L53-L67" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "4b5d121e182e3fddd766a7a1227c5de273995e9336156e7a6e8a17faad681bea" score = 75 quality = 80 
@@ -70578,8 +70649,8 @@ rule ESET_Facebook_Bot : FILE date = "2017-07-17" modified = "2017-07-20" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/stantinko/stantinko.yar#L69-L100" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/stantinko/stantinko.yar#L69-L100" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "8ea779f90fa6080398403e3e6f9d342360c35e93c756ed43cb699f090106504e" score = 75 quality = 55 @@ -70618,8 +70689,8 @@ rule ESET_Pds_Plugins : FILE date = "2017-07-17" modified = "2017-07-20" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/stantinko/stantinko.yar#L102-L130" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/stantinko/stantinko.yar#L102-L130" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "26bbd380b72fb45206178639d67c8737b9984b140ba1048432949e159946c847" score = 75 quality = 80 
@@ -70656,8 +70727,8 @@ rule ESET_Stantinko_Pdb date = "2017-07-17" modified = "2017-07-20" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/stantinko/stantinko.yar#L132-L148" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/stantinko/stantinko.yar#L132-L148" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "902c0ee086ce1a8def831d2f30c868165198c6c304faac3a93116a524f8e2fbf" score = 75 quality = 80 @@ -70682,8 +70753,8 @@ rule ESET_Stantinko_Droppers : FILE date = "2017-07-17" modified = "2017-07-20" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/stantinko/stantinko.yar#L150-L170" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/stantinko/stantinko.yar#L150-L170" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "c56fc85834a3e1bb1c14da37fb509c7de3009bf81d52800fe0093dc489f6deaa" score = 75 quality = 80 
@@ -70710,8 +70781,8 @@ rule ESET_Stantinko_D3D date = "2017-07-17" modified = "2017-07-20" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/stantinko/stantinko.yar#L172-L187" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/stantinko/stantinko.yar#L172-L187" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "4e8da3f11df15e4aa469db62961ae390c4c4df2a5335eec0bdab19b14cc8343d" score = 75 quality = 80 @@ -70733,8 +70804,8 @@ rule ESET_Stantinko_Ihctrl32 date = "2017-07-17" modified = "2017-07-20" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/stantinko/stantinko.yar#L189-L209" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/stantinko/stantinko.yar#L189-L209" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "1829e08fb2289f738d0e75ad9977169e9a94379da764b1766f23fa47e8bc2543" score = 75 quality = 80 
@@ -70763,8 +70834,8 @@ rule ESET_Stantinko_Wsaudio date = "2017-07-17" modified = "2017-07-20" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/stantinko/stantinko.yar#L211-L233" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/stantinko/stantinko.yar#L211-L233" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "45d92f1475f316ba50a9a4a3dd519d1186ed16c68bd2debe326736a1e3154562" score = 75 quality = 80 @@ -70792,8 +70863,8 @@ rule ESET_Stantinko_Ghstore date = "2017-07-17" modified = "2017-07-20" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/stantinko/stantinko.yar#L235-L255" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/stantinko/stantinko.yar#L235-L255" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "e5628d6ffb2d3684264b3a88c4d7b5d2ce8983aa22badf5839ccb8ba2e3ef2d4" score = 75 quality = 80 
@@ -70822,8 +70893,8 @@ rule ESET_IIS_Group02 date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L134-L155" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L134-L155" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "3fa2b8fed3c580f446b55412a920a5cfed2317b06aa93d059e9f89fdbec8f683" score = 75 quality = 76 @@ -70851,8 +70922,8 @@ rule ESET_IIS_Group03 date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L157-L176" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L157-L176" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "d811c2ac610780bf968e86e8fd302cffc9434902e547399d06fdeb30d1719f51" score = 75 quality = 80 
@@ -70878,8 +70949,8 @@ rule ESET_IIS_Group04_Rgdoor date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L178-L199" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L178-L199" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "be615dc0cc8bf0fd52cc5a88a3759c1cb1cd18703de74d16f5cce3eabccf91c6" score = 75 quality = 80 @@ -70906,8 +70977,8 @@ rule ESET_IIS_Group05_Iistealer date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L201-L232" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L201-L232" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "5dff445121fda59df805d6fcb5db3f8f8e52a6e63e2da2a6875f8c9ad9cafc72" score = 75 quality = 80 
@@ -70941,8 +71012,8 @@ rule ESET_IIS_Group06_ISN date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L234-L259" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L234-L259" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "2f59034a642a9b92fc88922433cd5923be02332159cba5e16d99d9523ed43205" score = 75 quality = 80 @@ -70973,8 +71044,8 @@ rule ESET_IIS_Group07_Iispy date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L261-L296" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L261-L296" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "ec5db5f36d06f9b0bdfe598fc72431da35afc1473dcc29f437a0f48ea9835a03" score = 75 quality = 80 
@@ -71011,8 +71082,8 @@ rule ESET_IIS_Group08 date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L298-L337" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L298-L337" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "d5826d454d25ecbbb5da464da974023a247517d873cf10dc0eafa91e185451da" score = 75 quality = 53 @@ -71057,8 +71128,8 @@ rule ESET_IIS_Group09 date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L339-L387" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L339-L387" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "5f89f9488221b8db8d493b3c23b7f5edd957c15511148eca890558886c128192" score = 75 quality = 76 
@@ -71111,8 +71182,8 @@ rule ESET_IIS_Group10 date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L389-L423" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L389-L423" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "48701168d7da726222227ef757f1a4005a49c0bf300123319ce03db09445b3ef" score = 75 quality = 80 @@ -71152,8 +71223,8 @@ rule ESET_IIS_Group11 date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L425-L455" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L425-L455" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "a67b6b49b5fc2c7f260c06201c59478f5472de63091c510af82d526c410abb0c" score = 75 quality = 80 
@@ -71182,8 +71253,8 @@ rule ESET_IIS_Group12 date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L457-L495" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L457-L495" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "8da03328e3702aff8ea5de77fc220f326030c31972d27c0bd9b5918dca550aba" score = 75 quality = 78 @@ -71226,8 +71297,8 @@ rule ESET_IIS_Group13_Iiserpent date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L497-L523" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L497-L523" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "7077b842c53ee1581ad4150cdfaac3502bfc0fbd3b823190ad648e09f36e442d" score = 75 quality = 80 
@@ -71260,8 +71331,8 @@ rule ESET_IIS_Group14 date = "2021-08-04" modified = "2021-08-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/badiis/badiis.yar#L525-L552" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/badiis/badiis.yar#L525-L552" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "ef10a4dfb1a9164533677416a7c9ada715ce10bfc1e5f92b56cf54bd890d4575" score = 75 quality = 80 @@ -71293,8 +71364,8 @@ rule ESET_Keydnap_Downloader date = "2016-07-06" modified = "2016-07-06" reference = "http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-is-hungry-for-credentials" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/keydnap/keydnap.yar#L33-L49" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/keydnap/keydnap.yar#L33-L49" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "71c8885193a92fa9c71055c37e629a54d50070cf6820b9216a824ecc4db2ce3c" score = 75 quality = 80 
@@ -71318,8 +71389,8 @@ rule ESET_Keydnap_Backdoor_Packer date = "2016-07-06" modified = "2016-07-06" reference = "http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-is-hungry-for-credentials" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/keydnap/keydnap.yar#L51-L67" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/keydnap/keydnap.yar#L51-L67" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "b1740bf38376be81d3b42306c2ce81f578c0b5c9db804f063836bf98f57ed147" score = 75 quality = 80 @@ -71343,8 +71414,8 @@ rule ESET_Keydnap_Backdoor date = "2016-07-06" modified = "2016-07-06" reference = "http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-is-hungry-for-credentials" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/keydnap/keydnap.yar#L69-L86" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/keydnap/keydnap.yar#L69-L86" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "fa209577a562ef9088d3ad3df3fbc0edda96f09d19177842f0ddea42c658f530" score = 75 quality = 80 
@@ -71370,8 +71441,8 @@ rule ESET_Mumblehard_Packer date = "2015-04-07" modified = "2015-05-01" reference = "http://www.welivesecurity.com" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/mumblehard/mumblehard_packer.yar#L32-L47" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/mumblehard/mumblehard_packer.yar#L32-L47" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "a04f50a7054c4ce8ad9be4e7f3373ad4f36eb9443e223601974e852c25603f5f" score = 75 quality = 80 @@ -71395,8 +71466,8 @@ rule ESET_Prikormka date = "2016-05-10" modified = "2019-08-28" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/groundbait/prikormka.yar#L130-L141" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/groundbait/prikormka.yar#L130-L141" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "f64195e680fbaefedba248aa15b37ed30ba72f42958cc48963a140165e951bff" score = 75 quality = 80 
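Review bot: the unchanged `reference` lines next to the re-pinned URLs are plain HTTP: `http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-is-hungry-for-credentials` for the three ESET_Keydnap_* rules and a bare site root, `http://www.welivesecurity.com`, for ESET_Mumblehard_Packer. If the `reference` field is regenerated from upstream in the same pass that rewrites `source_url`/`license_url`, this is the moment to switch it to https (the Keydnap path is otherwise fine); for Mumblehard the root URL is not a usable reference at all, so either point it at the actual write-up once confirmed upstream or leave it and open an issue there rather than guessing the article URL here.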
@@ -71418,8 +71489,8 @@ rule ESET_Potao date = "2015-07-29" modified = "2015-07-30" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/potao/PotaoNew.yara#L96-L108" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/potao/PotaoNew.yara#L96-L108" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "c68addb14f7c22cec0c4d58bfffd373b2e3eb5c53a5b65532c84574e073fcbba" score = 75 quality = 80 @@ -71442,8 +71513,8 @@ rule ESET_Gazer_Certificate_Subject date = "2017-08-30" modified = "2017-08-29" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/turla/gazer.yar#L33-L46" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/turla/gazer.yar#L33-L46" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "6e870c9cdcee33769162de62ea143ff401af50b22a63d2f212c44d06f5771dec" score = 75 quality = 80 
@@ -71463,8 +71534,8 @@ rule ESET_Gazer_Certificate : FILE date = "2017-08-30" modified = "2017-08-29" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/turla/gazer.yar#L48-L65" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/turla/gazer.yar#L48-L65" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "eb3afbaefd23d4fc6ded494d3378dc910a0832b160e733ab79c590128dd74cea" score = 75 quality = 80 @@ -71488,8 +71559,8 @@ rule ESET_Gazer_Logfile_Name : FILE date = "2017-08-30" modified = "2017-08-29" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/turla/gazer.yar#L67-L85" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/turla/gazer.yar#L67-L85" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "b50553f4b4b07f124e5bd390e7dc8ac6b60a8ef185f3bc227894f957d6483478" score = 75 quality = 80 
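Review bot: the three ESET_Gazer_* hunks (Certificate_Subject, Certificate, Logfile_Name) show `date = "2017-08-30"` directly above `modified = "2017-08-29"` in the unchanged context, so each rule was "modified" a day before it was created. This is inherited from upstream rather than introduced by the pin bump, but the change is re-pinning exactly these metadata blocks; either correct the ordering (or drop `modified` where it is not later than `date`) in this PR, or file it upstream so the next re-pin does not carry it forward again.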
@@ -71514,8 +71585,8 @@ rule ESET_Generic_Carbon : FILE date = "2017-03-30" modified = "2017-03-30" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/turla/carbon.yar#L33-L51" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/turla/carbon.yar#L33-L51" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "6481ccafb7c7c78bc52d01881cb96f3aa6209fdd35e090bdc9d5f5105b4e38ea" score = 75 quality = 80 @@ -71541,8 +71612,8 @@ rule ESET_Carbon_Metadata date = "2017-03-30" modified = "2017-03-30" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/turla/carbon.yar#L53-L69" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/turla/carbon.yar#L53-L69" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "81b59e9566f3b3356acf12dadb80abdcbee28e0b1a9efead66fcb95bf6fc1aa5" score = 75 quality = 80 
@@ -71562,8 +71633,8 @@ rule ESET_Turla_Outlook_Gen date = "2018-05-09" modified = "2018-09-05" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/turla/turla-outlook.yar#L42-L74" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/turla/turla-outlook.yar#L42-L74" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "f709e517e9d957775601670c426cc9def1c4104cb1ff647d269800d2af4372c7" score = 75 quality = 78 @@ -71605,8 +71676,8 @@ rule ESET_Turla_Outlook_Filenames date = "2018-08-22" modified = "2018-09-05" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/turla/turla-outlook.yar#L76-L91" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/turla/turla-outlook.yar#L76-L91" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "3be86c9325de6634c032321beed131fdf1e1952afcb43258fb202d0097610501" score = 75 quality = 80 
@@ -71631,8 +71702,8 @@ rule ESET_Turla_Outlook_Log date = "2018-08-22" modified = "2018-09-05" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/turla/turla-outlook.yar#L93-L107" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/turla/turla-outlook.yar#L93-L107" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "e7dc00c33a643c0940aaea2096d099192b27df3c81c518f1dc2b3d45a0a74312" score = 75 quality = 80 @@ -71656,8 +71727,8 @@ rule ESET_Turla_Outlook_Exports date = "2018-08-22" modified = "2018-09-05" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/turla/turla-outlook.yar#L109-L125" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/turla/turla-outlook.yar#L109-L125" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "a961fdb43ea1e99b308f55b8f5e264b1f3fa817eaf463d512e2ad8b98a18ee99" score = 75 quality = 80 
@@ -71677,8 +71748,8 @@ rule ESET_Apt_Windows_Invisimole_Logs : FILE date = "2021-05-17" modified = "2021-05-17" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/invisimole/invisimole.yar#L54-L77" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/invisimole/invisimole.yar#L54-L77" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "d42423ccc768f1823c76d5cb2aec26434c796fc35bd4e2fbf435fcf7997d3ff0" score = 75 quality = 80 @@ -71698,8 +71769,8 @@ rule ESET_Apt_Windows_Invisimole_SFX_Dropper : FILE date = "2021-05-17" modified = "2021-05-17" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/invisimole/invisimole.yar#L79-L95" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/invisimole/invisimole.yar#L79-L95" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "6ca248d42c1e889988e5931d80df071cb20e623fb0c4a208044cabe073f71ce4" score = 75 quality = 80 
@@ -71722,8 +71793,8 @@ rule ESET_Apt_Windows_Invisimole_CPL_Loader : FILE date = "2021-05-17" modified = "2021-05-17" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/invisimole/invisimole.yar#L97-L118" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/invisimole/invisimole.yar#L97-L118" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "cd5c19e14faa7fd3758b30193ccf2bed3692ad29d8216466523ca25d2abcfe88" score = 75 quality = 80 @@ -71753,8 +71824,8 @@ rule ESET_Apt_Windows_Invisimole_Wrapper_DLL date = "2021-05-17" modified = "2021-05-17" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/invisimole/invisimole.yar#L120-L138" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/invisimole/invisimole.yar#L120-L138" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "156bc5bc7b0ed5c77a5a15e7799a3077d40150896476a60935cf21a9afe36856" score = 75 quality = 80 
@@ -71774,8 +71845,8 @@ rule ESET_Apt_Windows_Invisimole_DNS_Downloader : FILE date = "2021-05-17" modified = "2021-05-17" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/invisimole/invisimole.yar#L140-L170" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/invisimole/invisimole.yar#L140-L170" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "88d6ed7ec1331153d19afc18473a4be2b214ad8af29fcf7051a2a8e40e088231" score = 75 quality = 80 @@ -71811,8 +71882,8 @@ rule ESET_Apt_Windows_Invisimole_RC2CL_Backdoor : FILE date = "2021-05-17" modified = "2021-05-17" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/invisimole/invisimole.yar#L172-L213" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/invisimole/invisimole.yar#L172-L213" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "c38550023515d33eaaf0669cc8b874bcfd09653a07c7edbf72e3344d1cf31541" score = 75 quality = 78 
@@ -71856,8 +71927,8 @@ rule ESET_Apt_Windows_Invisimole : FILE date = "2021-05-17" modified = "2021-05-17" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/invisimole/invisimole.yar#L215-L255" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/invisimole/invisimole.yar#L215-L255" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "7a2cff9febe77d718089ba4e1a33f3487594588892e418cec685bf22b156fa2b" score = 75 quality = 80 @@ -71888,8 +71959,8 @@ rule ESET_Apt_Windows_Invisimole_C2 : FILE date = "2021-05-17" modified = "2021-05-17" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/invisimole/invisimole.yar#L257-L297" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/invisimole/invisimole.yar#L257-L297" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "aff8456ce7a9ebe875c02e51c09b77ee7b1fddfc11d4ad236e12c8c5240a01a8" score = 75 quality = 78 
@@ -71936,8 +72007,8 @@ rule ESET_Kobalos date = "2020-11-02" modified = "2021-02-01" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/kobalos/kobalos.yar#L32-L56" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/kobalos/kobalos.yar#L32-L56" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "9161d22f9fbb1700dc3121e32104240e34512cb280aaf950aec61513f89061ef" score = 75 quality = 80 @@ -71968,8 +72039,8 @@ rule ESET_Kobalos_Ssh_Credential_Stealer date = "2020-11-02" modified = "2021-02-01" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/kobalos/kobalos.yar#L58-L73" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/kobalos/kobalos.yar#L58-L73" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "be238f5c2cc976a5638584a8c0fc580f2076735aadfe374e8d4162ba723bce10" score = 75 quality = 80 
@@ -71993,8 +72064,8 @@ rule ESET_Richheaders_Lazarus_Nukesped_Iconicpayloads_3CX_Q12023 date = "2023-03-31" modified = "2023-04-19" reference = "https://github.com/eset/malware-ioc" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/nukesped_lazarus/rich_headers_IconicPayloads_3CX.yar#L6-L23" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/nukesped_lazarus/rich_headers_IconicPayloads_3CX.yar#L6-L23" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "3b88cda62cdd918b62ef5aa8c5a73a46f176d18b" hash = "cad1120d91b812acafef7175f949dd1b09c6c21a" hash = "5b03294b72c0caa5fb20e7817002c600645eb475" @@ -72017,8 +72088,8 @@ rule ESET_Sparklinggoblin_Chacha20Loader_Richheader date = "2021-03-30" modified = "2021-08-26" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/sparklinggoblin/SparklingGoblin.yar#L33-L57" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/sparklinggoblin/SparklingGoblin.yar#L33-L57" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "09ffe37a54bc4ebebd8d56098e4c76232f35d821" hash = "29b147b76bb0d9e09f7297487cb972e6a2905586" hash = "33f2c3de2457b758fc5824a2b253ad7c7c2e9e37" 
@@ -72044,8 +72115,8 @@ rule ESET_Sparklinggoblin_Chacha20 : FILE date = "2021-05-20" modified = "2021-08-26" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/sparklinggoblin/SparklingGoblin.yar#L59-L368" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/sparklinggoblin/SparklingGoblin.yar#L59-L368" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "2edbea43f5c40c867e5b6bbd93cc972525df598b" hash = "b6d245d3d49b06645c0578804064ce0c072cbe0f" hash = "8be6d5f040d0085c62b1459afc627707b0de89cf" @@ -72355,8 +72426,8 @@ rule ESET_Sparklinggoblin_Etweventwrite date = "2021-05-20" modified = "2021-08-26" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/sparklinggoblin/SparklingGoblin.yar#L370-L463" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/sparklinggoblin/SparklingGoblin.yar#L370-L463" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "2edbea43f5c40c867e5b6bbd93cc972525df598b" hash = "b6d245d3d49b06645c0578804064ce0c072cbe0f" hash = "8be6d5f040d0085c62b1459afc627707b0de89cf" 
@@ -72451,8 +72522,8 @@ rule ESET_Sparklinggoblin_Mutex date = "2021-05-20" modified = "2021-08-26" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/sparklinggoblin/SparklingGoblin.yar#L465-L489" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/sparklinggoblin/SparklingGoblin.yar#L465-L489" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "2edbea43f5c40c867e5b6bbd93cc972525df598b" hash = "b6d245d3d49b06645c0578804064ce0c072cbe0f" hash = "8be6d5f040d0085c62b1459afc627707b0de89cf" @@ -72482,8 +72553,8 @@ rule ESET_Libkeyutils_With_Ctor date = "2024-02-01" modified = "2024-04-29" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/windigo/ebury.yar#L3-L54" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/windigo/ebury.yar#L3-L54" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "e7debd6e453192ad8376db5bab03ed0d87566591" logic_hash = "c6172aebc67a05fb044b0450aafcc71c7d1fd2831985587d1a9ad53f59e14214" score = 40 
@@ -72507,8 +72578,8 @@ rule ESET_Ebury_V1_7_Crypto date = "2023-08-01" modified = "2024-04-29" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/windigo/ebury.yar#L56-L97" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/windigo/ebury.yar#L56-L97" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" hash = "e7debd6e453192ad8376db5bab03ed0d87566591" logic_hash = "41908951069a472d7528f2f228f3681f008d16a0436e341d339909efc4933e66" score = 75 @@ -72553,8 +72624,8 @@ rule ESET_Onimiki : LINUX_ONIMIKI date = "2014-02-06" modified = "2014-04-04" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/windigo/windigo-onimiki.yar#L32-L59" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/windigo/windigo-onimiki.yar#L32-L59" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "eac30f5c9a9606d1d0e14c55e0532c54976fbb0d2e4f5cd2d9f719b77e07161a" score = 75 quality = 80 
@@ -72587,8 +72658,8 @@ rule ESET_Mozi_Killswitch : FILE date = "2023-09-29" modified = "2023-10-31" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/mozi/mozi.yar#L32-L51" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/mozi/mozi.yar#L32-L51" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "90eaed2f7f5595b145b2678a46ef6179082192215369fa9235024b0ce1574a49" score = 75 quality = 80 @@ -72614,8 +72685,8 @@ rule ESET_Linux_Rakos date = "2016-12-13" modified = "2016-12-19" reference = "http://www.welivesecurity.com/2016/12/20/new-linuxrakos-threat-devices-servers-ssh-scan/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/rakos/rakos.yar#L33-L53" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/rakos/rakos.yar#L33-L53" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "79a02ada56bf75c5f178b58822eb905977cace3483453ea8cf4dfc32f6b6c30d" score = 75 quality = 80 
@@ -72642,8 +72713,8 @@ rule ESET_Dino date = "2015-07-14" modified = "2015-08-17" reference = "https://github.com/eset/malware-ioc/" - source_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/animalfarm/animalfarm.yar#L73-L96" - license_url = "https://github.com/eset/malware-ioc/blob/1aeef9e3439fcf712bb549ed2b6a5c09c6de0b13/LICENSE" + source_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/animalfarm/animalfarm.yar#L73-L96" + license_url = "https://github.com/eset/malware-ioc/blob/ce59e9b9aa3b50c66675392b71a93c4854de8c2b/LICENSE" logic_hash = "898e527eb8b05050135dee7cbe974100710a1a3a6a5cb8eb03563ee1c0aca01f" score = 75 quality = 80 @@ -72670,7 +72741,7 @@ rule ESET_Dino * YARA Rule Set * Repository Name: FireEye-RT * Repository: https://github.com/mandiant/red_team_tool_countermeasures/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 3561b71724dbfa3e2bb78106aaa2d7f8b892c43b * Number of Rules: 167 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) @@ -74312,7 +74383,7 @@ rule FIREEYE_RT_APT_Builder_PY_MATRYOSHKA_1 hash = "25a97f6dba87ef9906a62c1a305ee1dd" logic_hash = "71b26f4b319429ac356b55d22bccd1da85894d61f8c96452422de78d2d893420" score = 75 - quality = 50 + quality = 75 tags = "" rev = 1 @@ -74478,7 +74549,7 @@ rule FIREEYE_RT_Hacktool_PY_Impacketobfuscation_1 hash = "0b1e512afe24c31531d6db6b47bac8ee" logic_hash = "45a4c0426b29b8c8bede9c4e8292131da7e756d48fc3ac4a07d08fd52383d21e" score = 75 - quality = 50 + quality = 75 tags = "" rev = 1 @@ -74555,7 +74626,7 @@ rule FIREEYE_RT_FE_APT_Loader_MSIL_REVOLVER_1 : FILE license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt" logic_hash = "1231f4c961dec122ebcb142052c2c7c03acf9b556cdb71a3efabde6bcf50a939" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
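Review bot: the `quality = 50` → `quality = 75` edits (and `48` → `73` for FIREEYE_RT_APT_Loader_Win_PGF_1) are a uniform +25 across otherwise unrelated FireEye-RT rules whose strings, `logic_hash` and pinned commit 3561b71724dbfa3e2bb78106aaa2d7f8b892c43b are untouched, so this is a change in how quality is computed rather than a per-rule reassessment; the change description should say which penalty or weight moved, and the unchanged `* Skipped: 0 (age), 4 (quality)` line for this set should be re-checked against the new scores rather than carried over. Minor, pre-existing in the context lines: `license_url` carries a doubled slash in `red_team_tool_countermeasures//blob/…/LICENSE.txt`, worth normalising in a follow-up.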
@@ -74763,7 +74834,7 @@ rule FIREEYE_RT_Hacktool_PY_Impacketobfuscation_2 hash = "f3dd8aa567a01098a8a610529d892485" logic_hash = "ccbbe507798f16c7acf0780770fdb81b2e7dc333ab8bc51e6216816276c3f14b" score = 75 - quality = 50 + quality = 75 tags = "" rev = 2 @@ -75575,7 +75646,7 @@ rule FIREEYE_RT_Hacktool_MSIL_Puppyhound_1 : FILE hash = "eeedc09570324767a3de8205f66a5295" logic_hash = "39073bbfef15ecd28c1772e5d01e54c3d5774ecb4c90f0076bda5dc400abacba" score = 75 - quality = 50 + quality = 75 tags = "FILE" rev = 6 @@ -75650,7 +75721,7 @@ rule FIREEYE_RT_Loader_MSIL_DUEDLLIGENCE_2 : FILE license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt" logic_hash = "5a2e0559e3b47c1957a42929fbbeba7a53c21619125381b01dcd8453b6ec4802" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -75674,7 +75745,7 @@ rule FIREEYE_RT_Loader_MSIL_DUEDLLIGENCE_3 : FILE license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt" logic_hash = "41cc6a4c7765b1e5e88d12660b69e434c83938ca974b9ccf6545b4dd5dd78378" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -75723,7 +75794,7 @@ rule FIREEYE_RT_Loader_MSIL_DUEDLLIGENCE_1 : FILE license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt" logic_hash = "56237d686b954950849adeedc87d5f9fbff2335a0ff033ba8571b3e3b93f587c" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -76170,7 +76241,7 @@ rule FIREEYE_RT_APT_Loader_Win_PGF_1 : FILE hash = "013c7708f1343d684e3571453261b586" logic_hash = "9dede268d33a38e980026917bd01bc47a72bfe60ba4a999c91eb727a2f377462" score = 75 - quality = 48 + quality = 73 tags = "FILE" rev = 6 
@@ -76444,7 +76515,7 @@ rule FIREEYE_RT_APT_Loader_MSIL_LUALOADER_2 : FILE license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt" logic_hash = "700927768669eda6976071306e991bfaae136279f4265980521597c699fbed88" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -76473,7 +76544,7 @@ rule FIREEYE_RT_APT_Loader_MSIL_LUALOADER_1 : FILE license_url = "https://github.com/mandiant/red_team_tool_countermeasures//blob/3561b71724dbfa3e2bb78106aaa2d7f8b892c43b/LICENSE.txt" logic_hash = "2d73d434ac39ebde990aca817a54208cd04bfbce33f1bcadcf48a50d9389658c" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -77368,7 +77439,7 @@ rule FIREEYE_RT_APT_Loader_Win32_Dshell_3 : FILE * YARA Rule Set * Repository Name: GCTI * Repository: https://github.com/chronicle/GCTI - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 1c5fd42b1895098527fde00c2d9757edf6b303bb * Number of Rules: 90 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -80585,7 +80656,7 @@ rule GCTI_Sliver_Implant_32Bit * YARA Rule Set * Repository Name: Malpedia * Repository: https://github.com/malpedia/signator-rules/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 6558c417dcf07146b1309b6acde6be0aa96dea10 * Number of Rules: 1468 * Skipped: 0 (age), 16 (quality), 0 (score), 0 (importance) @@ -141609,10 +141680,10 @@ rule MALPEDIA_Win_Mokes_Auto : FILE * YARA Rule Set * Repository Name: Trellix ARC * Repository: https://github.com/advanced-threat-research/Yara-Rules/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 1919562a59f190bda60c982424f6a24c542ee3e0 - * Number of Rules: 163 - * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) + * Number of Rules: 164 + * Skipped: 0 (age), 3 (quality), 0 (score), 0 (importance) * * * LICENSE 
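Review bot: in the Trellix ARC header, `Number of Rules: 163` → `164` and `Skipped: … 4 (quality)` → `3 (quality)` while `Git Commit: 1919562a59f190bda60c982424f6a24c542ee3e0` is unchanged, so the extra rule is admitted by the local quality rescoring, not by an upstream change; the GCTI and Malpedia headers in the same hunk only move `Retrieval Date` with identical commits and counts, which is consistent. State the rescoring explicitly in the change description so a reader does not take the count change for upstream drift.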
@@ -143323,7 +143394,7 @@ rule TRELLIX_ARC_Anatova_Ransomware : RANSOMWARE FILE hash = "97fb79ca6fc5d24384bf5ae3d01bf5e77f1d2c0716968681e79c097a7d95fb93" logic_hash = "4fce15ad0ef2d3cb39f6092677f117308f847815cb2a5a491290a1f9d09776df" score = 75 - quality = 45 + quality = 70 tags = "RANSOMWARE, FILE" rule_version = "v1" malware_type = "ransomware" @@ -147218,6 +147289,36 @@ rule TRELLIX_ARC_Alina_POS_PDB : POS FILE condition: uint16( 0 ) == 0x5a4d and filesize < 100KB and any of them } +rule TRELLIX_ARC_Vbs_Mykins_Botnet : BOTNET FILE +{ + meta: + description = "Rule to detect the VBS files used in Mykins botnet" + author = "Marc Rivero | McAfee ATR Team" + id = "de0e5284-41c2-5baf-99f5-23ef27d6ed91" + date = "2018-01-24" + modified = "2020-08-14" + reference = "https://blog.netlab.360.com/mykings-the-botnet-behind-multiple-active-spreading-botnets/" + source_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/1919562a59f190bda60c982424f6a24c542ee3e0/malware/MALW_vbs_mykins_botnet.yar#L1-L29" + license_url = "https://github.com/advanced-threat-research/Yara-Rules//blob/1919562a59f190bda60c982424f6a24c542ee3e0/LICENSE" + logic_hash = "ee48a2961e40c6be96b007794f585547ef337a46ca003152f15470069e2d2580" + score = 60 + quality = 40 + tags = "BOTNET, FILE" + rule_version = "v1" + malware_type = "botnet" + malware_family = "Botnet:W32/MyKins" + actor_type = "Cybercrime" + actor_group = "Unknown" + + strings: + $s1 = "fso.DeleteFile(WScript.ScriptFullName)" fullword ascii + $s2 = "Set ws = CreateObject(\"Wscript.Shell\")" fullword ascii + $s3 = "Set fso = CreateObject(\"Scripting.Filesystemobject\")" fullword ascii + $r = /Windows\\ime|web|inf|\\c[0-9].bat/ + + condition: + uint16( 0 ) == 0x6553 and filesize < 1KB and any of ( $s* ) and $r +} rule TRELLIX_ARC_Malw_Likseput_Backdoor_Pdb : BACKDOOR FILE { meta: 
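Review bot: the newly admitted TRELLIX_ARC_Vbs_Mykins_Botnet rule has a weak condition that should be understood before it ships at `score = 60`. `uint16( 0 ) == 0x6553` reads the first two bytes little-endian, so the file must begin literally with the ASCII bytes `Se` (as in `Set ws = …`); a UTF-8 BOM, leading whitespace, a comment line or an `On Error Resume Next` first statement defeats it, and `filesize < 1KB` narrows it further. The regex `$r = /Windows\\ime|web|inf|\\c[0-9].bat/` has its alternation at top level, so the bare substrings `web` or `inf` satisfy `$r` on their own and the unescaped `.` in `c[0-9].bat` matches any byte; with `any of ( $s* )` the rule effectively keys on one `CreateObject` string plus `inf`/`web` in a tiny file starting with `Se`, which is a false-positive surface on small legitimate scripts. This is the upstream rule as published (`MALW_vbs_mykins_botnet.yar#L1-L29`), and `quality = 40` reflects it, so importing verbatim is fine, but note that this is the rule the quality rescoring let through (see the header hunk: 163 → 164 rules, quality skips 4 → 3) and consider whether the floor should admit it. Also inherited from upstream: the rule name and `malware_family = "Botnet:W32/MyKins"` spell the family differently from the `reference` URL (`mykings-the-botnet-…`); keep the upstream name for traceability but expect searches for MyKings to miss it.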
@@ -147503,7 +147604,7 @@ rule TRELLIX_ARC_STEALER_Emirates_Statement : STEALER * YARA Rule Set * Repository Name: Arkbird SOLG * Repository: https://github.com/StrangerealIntel/DailyIOC - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: a873ff1298c43705e9c67286f3014f4300dd04f7 * Number of Rules: 215 * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance) @@ -154612,7 +154713,7 @@ rule ARKBIRD_SOLG_TA505_Maldoc_21Nov_2 : FILE * YARA Rule Set * Repository Name: Telekom Security * Repository: https://github.com/telekom-security/malware_analysis/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: bf832d97e8fd292ec5e095e35bde992a6462e71c * Number of Rules: 12 * Skipped: 0 (age), 5 (quality), 0 (score), 0 (importance) @@ -154980,8 +155081,8 @@ rule TELEKOM_SECURITY_Win_Iceid_Core_202104 : FILE * YARA Rule Set * Repository Name: Volexity * Repository: https://github.com/volexity/threat-intel - * Retrieval Date: 2025-09-07 - * Git Commit: 1ef34c2e4704d1e6e6768c2d6800863bbae05a0d + * Retrieval Date: 2025-09-21 + * Git Commit: 809e5e28363540d57393bd4362af89066b1f2fbf * Number of Rules: 85 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) * 
@@ -155007,8 +155108,8 @@ rule VOLEXITY_Apt_Malware_Win_Avburner : DEVIOUSBAMBOO FILE MEMORY date = "2023-01-02" modified = "2024-08-16" reference = "https://www.trendmicro.com/en_us/research/22/k/hack-the-real-box-apt41-new-subgroup-earth-longzhi.html" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-07 AVBurner/yara.yar#L1-L40" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-07 AVBurner/yara.yar#L1-L40" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "4b1b1a1293ccd2c0fd51075de9376ebb55ab64972da785153fcb0a4eb523a5eb" logic_hash = "56ff6c8a4b737959a1219699a0457de1f0c34fead4299033840fb23c56a0caad" score = 75 @@ -155050,8 +155151,8 @@ rule VOLEXITY_Apt_Win_Powerstar_Persistence_Batch : CHARMINGKITTEN date = "2023-05-16" modified = "2023-09-20" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L1-L19" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L1-L19" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "9c3a45b759516959eae1cdf8e73bf540b682c90359a6232aa4782a8d1fe15b7d" score = 75 quality = 80 
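Review bot: the Volexity `source_url` values contain unencoded spaces, e.g. `…/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-07 AVBurner/yara.yar#L1-L40` and `…/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L1-L19`; this is pre-existing, but since every one of these URLs is being rewritten for the 1ef34c2e… → 809e5e28… re-pin, percent-encode the spaces (`%20`) now so the links copy-paste and resolve as a single URL. Otherwise the hunk is provenance-only: `logic_hash` is unchanged on every rule and the set header keeps `Number of Rules: 85` with nothing skipped.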
@@ -155079,8 +155180,8 @@ rule VOLEXITY_Apt_Win_Powerstar_Memonly : CHARMINGKITTEN date = "2023-05-16" modified = "2023-09-20" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L20-L65" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L20-L65" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "d790ff204e4e8adeb3e887d9ebce743e958b523c48317d017487b1b0c6aebc11" score = 75 quality = 78 @@ -155130,8 +155231,8 @@ rule VOLEXITY_Apt_Win_Powerstar_Logmessage : CHARMINGKITTEN date = "2023-05-16" modified = "2023-09-20" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L66-L79" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L66-L79" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "539c9a8b3de24f2c8058d204900344756a8031822ebebc312612b8fb8422e341" score = 75 quality = 80 
@@ -155154,8 +155255,8 @@ rule VOLEXITY_Apt_Win_Powerstar_Lnk : CHARMINGKITTEN date = "2023-05-16" modified = "2023-09-20" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L80-L97" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L80-L97" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "da53aeaf69e80f697068779f4741b8c23cff82dd1bfb0640916a1bcc98c4892f" score = 75 quality = 80 @@ -155181,8 +155282,8 @@ rule VOLEXITY_Apt_Win_Powerstar_Decrypt_Function : CHARMINGKITTEN date = "2023-05-16" modified = "2023-09-20" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L98-L121" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L98-L121" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "d022e363464488836a1c161f2b9c7463ac91ae6f60f14dfd574189233201c9aa" score = 75 quality = 80 
@@ -155212,8 +155313,8 @@ rule VOLEXITY_Apt_Win_Powerstar : CHARMINGKITTEN date = "2021-10-13" modified = "2023-09-20" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L122-L150" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-06-28 POWERSTAR/indicators/rules.yar#L122-L150" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "2cbf59eaee60a8f84b1ac35cec3b01592a2a0f56c92a2db218bb26a15be24bf3" score = 75 quality = 80 @@ -155244,8 +155345,8 @@ rule VOLEXITY_Apt_Ico_Uta0040_B64_C2 : UTA0040 FILE date = "2023-03-30" modified = "2023-03-30" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-30 3CX/indicators/rules.yar#L1-L31" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-30 3CX/indicators/rules.yar#L1-L31" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "2667a36ce151c6e964f9ce9a6f587eedbffdd6ec76e451a23c5cfdd08248d15e" score = 75 quality = 80 
@@ -155270,8 +155371,8 @@ rule VOLEXITY_Apt_Mac_Iconic : UTA0040 date = "2023-03-30" modified = "2023-03-30" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-30 3CX/indicators/rules.yar#L32-L50" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-30 3CX/indicators/rules.yar#L32-L50" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "7b689c3931632b01869ac2f21a1edca0a5ca9007299fe7cd16962d6866c27558" score = 75 quality = 80 @@ -155297,8 +155398,8 @@ rule VOLEXITY_Apt_Win_Iconicstealer : UTA0040 date = "2023-03-30" modified = "2023-03-30" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-30 3CX/indicators/rules.yar#L51-L69" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-30 3CX/indicators/rules.yar#L51-L69" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "ed7731d2361e7d96a6a35f8359b61a2af049b16bc457cf870db8831e142aebe2" score = 75 quality = 80 
@@ -155324,8 +155425,8 @@ rule VOLEXITY_Apt_Win_Iconic : UTA0040 date = "2023-03-30" modified = "2023-03-30" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-30 3CX/indicators/rules.yar#L70-L93" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-30 3CX/indicators/rules.yar#L70-L93" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "b62b1543c9af3afb8fc885f313e1a5d2fcb688657e3807cce72b31b56381681e" score = 75 quality = 55 @@ -155355,8 +155456,8 @@ rule VOLEXITY_Apt_Win_3Cx_Backdoored_Lib : UTA0040 date = "2023-03-30" modified = "2023-03-30" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-30 3CX/indicators/rules.yar#L94-L133" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-30 3CX/indicators/rules.yar#L94-L133" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "40be2d46a318ff03724ea1f6628d78001c14c85a3ae6d032c0324ea849d707f2" score = 75 quality = 80 
@@ -155403,8 +155504,8 @@ rule VOLEXITY_Informational_Win_3Cx_Msi : UTA0040 date = "2023-03-30" modified = "2023-03-30" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-03-30 3CX/indicators/rules.yar#L134-L152" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-03-30 3CX/indicators/rules.yar#L134-L152" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "c04de2653ef587f27c7ebf058c6f6c345e16b67f36ccc4306bc49f8c4394728e" score = 75 quality = 80 @@ -155430,8 +155531,8 @@ rule VOLEXITY_Apt_Malware_Apk_Badbazaar_Common_Certificate : EVILBAMBOO FILE date = "2023-06-01" modified = "2023-06-13" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L230-L255" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L230-L255" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "861d4e1c40847c6ade04eddb047370d645afea6d5c16d55155fa58a16111c39e" score = 75 quality = 80 
@@ -155462,8 +155563,8 @@ rule VOLEXITY_Apt_Malware_Apk_Badbazaar_Stage2_Implant_May23 : EVILBAMBOO FILE date = "2023-05-25" modified = "2023-08-30" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L257-L285" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L257-L285" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "2186369298ebfa0b892ecb14ebacc93c6d14c9c35012e8e6cdff077634cf3773" score = 75 quality = 80 @@ -155497,8 +155598,8 @@ rule VOLEXITY_Apt_Delivery_Web_Js_Jmask_Str_Array_Variant : EVILBAMBOO FILE date = "2023-06-27" modified = "2023-09-21" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L408-L444" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L408-L444" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "0ae7c96e0f866f21d66d7a23bf937d6ce48c9dd1ea19142dbb13487208780146" score = 75 quality = 80 
@@ -155538,8 +155639,8 @@ rule VOLEXITY_Apt_Delivery_Web_Js_Jmask : EVILBAMBOO FILE date = "2023-06-15" modified = "2023-09-21" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L446-L472" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2023/2023-09-22 EvilBamboo/indicators/rules.yar#L446-L472" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "64315ac05049954d36297a616a25ffdd7ce81c6313c0878d5ba4082da24c21bb" score = 75 quality = 80 @@ -155570,8 +155671,8 @@ rule VOLEXITY_Apt_Malware_Py_Upstyle : UTA0218 FILE MEMORY date = "2024-04-11" modified = "2024-04-12" reference = "TIB-20240412" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L1-L34" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L1-L34" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "51923600b23d23f4ce29eac7f5ab9f7e1ddb45bed5f6727ddec4dcb75872e473" score = 75 quality = 80 
@@ -155607,8 +155708,8 @@ rule VOLEXITY_Susp_Any_Jarischf_User_Path : FILE MEMORY date = "2024-04-10" modified = "2024-04-15" reference = "TIB-20240412" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L59-L81" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L59-L81" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "574d5b1fadb91c39251600e7d73d4993d4b16565bd1427a0e8d6ed4e7905ab54" score = 50 quality = 80 @@ -155637,8 +155738,8 @@ rule VOLEXITY_Hacktool_Golang_Reversessh_Fahrj : FILE MEMORY date = "2024-04-10" modified = "2024-04-12" reference = "TIB-20240412" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L82-L116" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-04-12 Palo Alto Networks GlobalProtect/indicators/rules.yar#L82-L116" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "38b40cc7fc1e601da2c7a825f1c2eff209093875a5829ddd2f4c5ad438d660f8" score = 75 quality = 80 
@@ -155676,8 +155777,8 @@ rule VOLEXITY_Apt_Webshell_Pl_Complyshell : UTA0178 FILE MEMORY date = "2023-12-13" modified = "2024-01-12" reference = "TIB-20231215" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L3-L25" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L3-L25" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "ff46691f1add20cff30fe996e2fb199ce42408e86d5642a8a43c430f2245b1f5" score = 75 quality = 80 @@ -155707,11 +155808,11 @@ rule VOLEXITY_Apt_Webshell_Aspx_Glasstoken : UTA0178 FILE MEMORY date = "2023-12-12" modified = "2024-09-30" reference = "TIB-20231215" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L26-L52" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L26-L52" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "6b8183ac1e87a86c58760db51f767ed278cc0c838ed89e7435af7d0373e58b26" score = 75 - quality = 30 + quality = 55 tags = "UTA0178, FILE, MEMORY" hash1 = "26cbb54b1feb75fe008e36285334d747428f80aacdb57badf294e597f3e9430d" os = "win" 
@@ -155738,8 +155839,8 @@ rule VOLEXITY_Webshell_Aspx_Regeorg : FILE MEMORY date = "2018-08-29" modified = "2024-01-09" reference = "TIB-20231215" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L53-L86" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L53-L86" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "9d901f1a494ffa98d967ee6ee30a46402c12a807ce425d5f51252eb69941d988" logic_hash = "4fed023e85a32052917f6db1e2e155c91586538938c03acc59f200a8264888ca" score = 75 @@ -155774,8 +155875,8 @@ rule VOLEXITY_Hacktool_Py_Pysoxy : FILE MEMORY date = "2024-01-09" modified = "2024-01-09" reference = "TIB-20240109" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L87-L114" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-01-10 Ivanti Connect Secure/indicators/yara.yar#L87-L114" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "f73e9d3c2f64c013218469209f3b69fc868efafc151a7de979dde089bfdb24b2" score = 75 quality = 80 
@@ -155808,8 +155909,8 @@ rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Modules : TRANSPARENTJASMINE FILE MEMO date = "2024-02-22" modified = "2024-07-05" reference = "TIB-20240229" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L1-L24" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L1-L24" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "7880288e3230b688b780bdfbac2b0761fd7831b7df233672c2242c21a86e1297" score = 75 quality = 80 @@ -155839,8 +155940,8 @@ rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Loader : TRANSPARENTJASMINE FILE MEMOR date = "2024-02-22" modified = "2024-07-05" reference = "TIB-20240229" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L25-L47" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L25-L47" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "d9be4846bab5fffcfd60eaec377443819404f30ec088905c2ee26bd3b7525832" score = 75 quality = 80 
@@ -155869,8 +155970,8 @@ rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Debug_String : TRANSPARENTJASMINE FILE date = "2024-02-22" modified = "2024-11-27" reference = "TIB-20240229" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L48-L71" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L48-L71" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "6bb130eead39bd8128983e0f2e76cfeff8865ce8ed3cb73b132ed32d68fc0db0" score = 75 quality = 80 @@ -155900,8 +156001,8 @@ rule VOLEXITY_Apt_Malware_Linux_Disgomoji_2 : TRANSPARENTJASMINE FILE MEMORY date = "2024-02-22" modified = "2024-07-05" reference = "TIB-20240229" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L72-L103" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L72-L103" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "e03a774cca2946c1becdbd775ef465033dae089d578ea18a4f43fd7bdae9168e" score = 75 quality = 80 
@@ -155939,8 +156040,8 @@ rule VOLEXITY_Apt_Malware_Linux_Disgomoji_1 : TRANSPARENTJASMINE FILE MEMORY date = "2024-02-22" modified = "2024-07-05" reference = "TIB-20240229" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L104-L131" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L104-L131" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "dd3535079881ae9cfe25c129803668cb595be89b7f62eb82af19cc3839f92b6d" score = 75 quality = 80 @@ -155974,8 +156075,8 @@ rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Bogus_Strings : TRANSPARENTJASMINE FIL date = "2024-03-14" modified = "2024-07-05" reference = "TIB-20240318" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L132-L159" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L132-L159" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "0d8a2b371ffb182e60a8cc0cc500d1a9f906718a55f23f35f6c12f7faabbe971" score = 75 quality = 80 
@@ -156009,8 +156110,8 @@ rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Script_Uevent_Seqnum : TRANSPARENTJASM date = "2024-03-07" modified = "2024-07-05" reference = "TIB-20240318" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L160-L187" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L160-L187" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "e390e83d9fc15499c9f32ad47d1c526273105602bda7b3532720b0a3f6abc835" score = 75 quality = 80 @@ -156044,8 +156145,8 @@ rule VOLEXITY_Apt_Malware_Linux_Disgomoji_Script_Lan_Conf : TRANSPARENTJASMINE F date = "2024-03-07" modified = "2024-07-05" reference = "TIB-20240318" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L188-L215" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L188-L215" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "2a19d5cff7adc9b1b92538a5df4e3cadea694f925f65080f5093fc5425e840f4" score = 75 quality = 80 
@@ -156079,8 +156180,8 @@ rule VOLEXITY_Malware_Golang_Discordc2_Bmdyy_1 : FILE MEMORY date = "2024-03-28" modified = "2024-07-05" reference = "TIB-20240229" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L216-L243" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L216-L243" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "22b3e5109d0738552fbc310344b2651ab3297e324bc883d5332c1e8a7a1df29b" score = 75 quality = 80 @@ -156113,8 +156214,8 @@ rule VOLEXITY_Malware_Golang_Discordc2_Bmdyy : FILE MEMORY date = "2024-02-22" modified = "2024-07-05" reference = "https://github.com/bmdyy/discord-c2" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L244-L267" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-06-13 DISGOMOJI/indicators/rules.yar#L244-L267" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "38b860a43b9937351f74b01983888f18ad101cbe66560feb7455d46b713eba0f" score = 75 quality = 80 
@@ -156143,8 +156244,8 @@ rule VOLEXITY_Apt_Malware_Any_Reloadext_Plugin : STORMBAMBOO FILE MEMORY date = "2024-02-23" modified = "2024-08-02" reference = "TIB-20240227" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-08-02 StormBamboo/rules.yar#L4-L36" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-08-02 StormBamboo/rules.yar#L4-L36" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "2b11f8fc5b6260ebf00bde83585cd7469709a4979ca579cdf065724bc15052fc" score = 75 quality = 80 @@ -156177,8 +156278,8 @@ rule VOLEXITY_Apt_Malware_Macos_Reloadext_Installer : STORMBAMBOO FILE MEMORY date = "2024-02-23" modified = "2024-08-02" reference = "TIB-20240227" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-08-02 StormBamboo/rules.yar#L37-L62" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-08-02 StormBamboo/rules.yar#L37-L62" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "8688796839202d95ded15e10262a7a7c7cbbae4a332b60305402e5984005d452" score = 75 quality = 80 
@@ -156210,8 +156311,8 @@ rule VOLEXITY_Apt_Malware_Any_Macma_A : STORMBAMBOO FILE MEMORY date = "2021-11-12" modified = "2024-08-02" reference = "https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-08-02 StormBamboo/rules.yar#L63-L111" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-08-02 StormBamboo/rules.yar#L63-L111" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "7ebaff9fddf6491d6b1ed9ab14c1b87dc8df850536e55aa723d625a593b33ed7" score = 75 quality = 53 @@ -156264,8 +156365,8 @@ rule VOLEXITY_Apt_Malware_Macos_Gimmick : STORMBAMBOO FILE MEMORY date = "2021-10-18" modified = "2024-08-02" reference = "https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-08-02 StormBamboo/rules.yar#L112-L170" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-08-02 StormBamboo/rules.yar#L112-L170" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "00fba9df2212874a45d44b3d098a7b76c97fcd53ff083c76b784d2b510a4a467" score = 75 quality = 78 
@@ -156322,8 +156423,8 @@ rule VOLEXITY_Apt_Malware_Win_Dustpan_Apihashes : STORMBAMBOO FILE date = "2023-08-17" modified = "2024-08-02" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-08-02 StormBamboo/rules.yar#L171-L205" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-08-02 StormBamboo/rules.yar#L171-L205" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "3edb66ade428c451c18aa152244f869f9f8c10e62ed942bf722b4d1cf1893e93" score = 75 quality = 80 @@ -156363,8 +156464,8 @@ rule VOLEXITY_Apt_Malware_Win_Pocostick_Jul23 : STORMBAMBOO FILE MEMORY date = "2023-07-24" modified = "2024-08-02" reference = "TIB-20231221" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-08-02 StormBamboo/rules.yar#L206-L235" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-08-02 StormBamboo/rules.yar#L206-L235" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "19487db733c7f793be2a1287df32a165e46f6af0e940b13b389f4d675b5100c4" score = 75 quality = 80 
@@ -156400,8 +156501,8 @@ rule VOLEXITY_Apt_Malware_Py_Dustpan_Pyloader : STORMBAMBOO FILE MEMORY date = "2023-07-21" modified = "2024-08-02" reference = "TIB-20231221" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-08-02 StormBamboo/rules.yar#L236-L270" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-08-02 StormBamboo/rules.yar#L236-L270" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "bb3a70dad28181534e27abbbd618165652c137264bfd3726ae4480c642493a3b" score = 75 quality = 80 
@@ -156435,14 +156536,14 @@ rule VOLEXITY_Apt_Malware_Elf_Catchdns_Aug20_Memory : DRIFTINGBAMBOO FILE MEMORY meta: description = "Looks for strings from CatchDNS component used to intercept and modify DNS responses, and likely also intercept/monitor http. This rule would only match against memory in the example file analyzed by Volexity." author = "threatintel@volexity.com" - id = "95306735-cdae-5407-ad49-d465d245378d" + id = "933b7585-1b1c-5d25-a599-078a0b0d0077" date = "2020-08-20" - modified = "2024-08-02" + modified = "2025-06-19" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-08-02 StormBamboo/rules.yar#L309-L383" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-08-02 StormBamboo/rules.yar#L309-L383" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "4f3d35f4f8b810362cbd4c59bfe5a961e559fe5713c9478294ccb3af2d306515" - logic_hash = "a7d677d7eecf388df7e7c2343fd3e46188594473c01075bf8a0b54292a51db94" + logic_hash = "241fd5884b27269b9b07b891fb9e226c33c468276df796f91af98a68765a8b0d" score = 75 quality = 55 tags = "DRIFTINGBAMBOO, FILE, MEMORY" @@ -156454,7 +156555,7 @@ rule VOLEXITY_Apt_Malware_Elf_Catchdns_Aug20_Memory : DRIFTINGBAMBOO FILE MEMORY severity = "critical" license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt" rule_id = 227 - version = 10 + version = 11 strings: $os1 = "current thread policy=%d" ascii wide 
@@ -156496,7 +156597,7 @@ rule VOLEXITY_Apt_Malware_Elf_Catchdns_Aug20_Memory : DRIFTINGBAMBOO FILE MEMORY $netw9 = "content-type" ascii wide $netw10 = "otherhead_" ascii wide $netw11 = "configfile" ascii wide - $apache = {48 54 54 50 2F 31 2E 31 20 32 30 30 20 4F 4B 0D 0A 53 65 72 76 65 72 3A 20 41 70 61 63 68 65 0D 0A 43 6F 6E 6E 65 63 74 69 6F 6E 3A 20 63 6C 6F 73 65 0D 0A 43 6F 6E 74 65 6E 74 2D 54 79 70 65 3A 20 25 73 0D 0A 43 6F 6E 74 65 6E 74 2D 4C 65 6E 67 74 68 3A 20 25 64 0D 0A} + $apache = "HTTP/1.1 200 OK\r\nServer: Apache\r\nConnection: close\r\nContent-Type: %s\r\nContent-Length: %d\r\n" $cpp1 = "src/os.cpp" $cpp2 = "src/test_catch_dns.cpp" @@ -156512,8 +156613,8 @@ rule VOLEXITY_Apt_Malware_Vbs_Basicstar_A : CHARMINGCYPRESS FILE MEMORY date = "2024-01-04" modified = "2025-05-21" reference = "TIB-20240111" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-02-13 CharmingCypress/rules.yar#L68-L98" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-02-13 CharmingCypress/rules.yar#L69-L99" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "977bb42553bb6585c8d0e1e89675644720ca9abf294eccd797e20d4bca516810" score = 75 quality = 80 
@@ -156548,8 +156649,8 @@ rule VOLEXITY_Apt_Malware_Ps1_Powerless_B : CHARMINGCYPRESS FILE MEMORY date = "2023-10-25" modified = "2024-01-29" reference = "TIB-20231027" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-02-13 CharmingCypress/rules.yar#L99-L156" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-02-13 CharmingCypress/rules.yar#L100-L157" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "eb9d199c1f7c2a42d711c1a44ab13526787169c18a77ce988568525baca043ef" score = 75 quality = 78 @@ -156611,8 +156712,8 @@ rule VOLEXITY_Apt_Malware_Macos_Vpnclient_Cc_Oct23 : CHARMINGCYPRESS FILE MEMORY date = "2023-10-17" modified = "2023-10-27" reference = "TIB-20231027" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-02-13 CharmingCypress/rules.yar#L245-L271" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-02-13 CharmingCypress/rules.yar#L246-L272" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "da5e9be752648b072a9aaeed884b8e1729a14841e33ed6633a0aaae1f11bd139" score = 75 quality = 80 
@@ -156645,8 +156746,8 @@ rule VOLEXITY_Apt_Malware_Charmingcypress_Openvpn_Configuration : CHARMINGCYPRES date = "2023-10-17" modified = "2023-10-27" reference = "TIB-20231027" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-02-13 CharmingCypress/rules.yar#L272-L297" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-02-13 CharmingCypress/rules.yar#L273-L298" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "f4c5f13ac75504b14def9c37d3a41c6eea4c45845d4b54c50030b1f00691e4bf" score = 75 quality = 80 @@ -156678,8 +156779,8 @@ rule VOLEXITY_Apt_Delivery_Win_Charming_Openvpn_Client : CHARMINGCYPRESS FILE date = "2023-10-17" modified = "2023-10-27" reference = "TIB-20231027" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-02-13 CharmingCypress/rules.yar#L298-L322" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-02-13 CharmingCypress/rules.yar#L299-L323" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "02596a62cb1ba17ecabef0ae93f434e4774b00422a6da2106a2bc4c59d2f8077" score = 75 quality = 80 
@@ -156710,8 +156811,8 @@ rule VOLEXITY_Apt_Malware_Ps1_Powerstar_Generic : CHARMINGCYPRESS FILE MEMORY date = "2023-06-02" modified = "2024-01-26" reference = "TIB-20240126" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-02-13 CharmingCypress/rules.yar#L323-L351" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-02-13 CharmingCypress/rules.yar#L324-L352" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "4da02190ffd16304eccbc0d12dfcc5637a6b785af0e3dc3dfcafcfe114597eb2" score = 75 quality = 80 @@ -156744,8 +156845,8 @@ rule VOLEXITY_Apt_Malware_Win_Deepdata_Module : BRAZENBAMBOO FILE MEMORY date = "2024-07-30" modified = "2024-11-14" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-11-15 BrazenBamboo/rules.yar#L1-L25" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-11-15 BrazenBamboo/rules.yar#L1-L25" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "d36f34343826daf7f7368118c7127c7181a54c99a01803016c9a6965abb309cb" score = 75 quality = 80 
@@ -156777,8 +156878,8 @@ rule VOLEXITY_Apt_Malware_Win_Lightspy_Orchestrator_Decoded_Core : BRAZENBAMBOO date = "2024-02-15" modified = "2024-07-03" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-11-15 BrazenBamboo/rules.yar#L244-L287" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-11-15 BrazenBamboo/rules.yar#L244-L287" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "f0189c0a84c53e365130e9683f2f2b2f73c14412d8e4d0251a4780d0e80162d8" score = 75 quality = 78 @@ -156827,8 +156928,8 @@ rule VOLEXITY_Apt_Malware_Win_Lightspy_Orchestrator_Decoded_C2_Strings : BRAZENB date = "2024-02-15" modified = "2024-11-14" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2024/2024-11-15 BrazenBamboo/rules.yar#L288-L337" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2024/2024-11-15 BrazenBamboo/rules.yar#L288-L337" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "eeaaf6e16d4854a2279bd62596f75cb8b8ec1b05f3b050f5dac97254704b9005" score = 75 quality = 78 
@@ -156883,8 +156984,8 @@ rule VOLEXITY_Apt_Malware_Win_Dolphin : INKYPINE FILE MEMORY date = "2021-06-21" modified = "2025-01-27" reference = "https://www.welivesecurity.com/2022/11/30/whos-swimming-south-korean-waters-meet-scarcrufts-dolphin/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-08-17 - InkySquid Part 1/indicators/yara.yar#L1-L77" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-08-17 - InkySquid Part 1/indicators/yara.yar#L1-L77" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "785a92087efc816c88c6eed6363c432d8d45198fbd5cef84c04dabd36b6316a6" score = 75 quality = 55 @@ -156958,8 +157059,8 @@ rule VOLEXITY_Apt_Malware_Win_Bluelight : INKYPINE FILE MEMORY date = "2021-04-23" modified = "2025-02-18" reference = "https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-08-17 - InkySquid Part 1/indicators/yara.yar#L78-L120" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-08-17 - InkySquid Part 1/indicators/yara.yar#L78-L120" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "45490dfc793bb95f153c0194989b25e0b2641fa9b9f6763d5733eab6483ffead" score = 75 quality = 80 
@@ -157005,11 +157106,11 @@ rule VOLEXITY_Apt_Malware_Rb_Rokrat_Loader : INKYPINE FILE MEMORY date = "2021-06-22" modified = "2024-08-22" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L1-L32" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L1-L32" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "30ae14fd55a3ab60e791064f69377f3b9de9b871adfd055f435df657f89f8007" score = 75 - quality = 55 + quality = 80 tags = "INKYPINE, FILE, MEMORY" hash1 = "5bc52f6c1c0d0131cee30b4f192ce738ad70bcb56e84180f464a5125d1a784b2" os = "win" @@ -157042,8 +157143,8 @@ rule VOLEXITY_Apt_Malware_Py_Bluelight_Ldr : INKYPINE FILE date = "2021-06-22" modified = "2025-02-18" reference = "https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L33-L61" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L33-L61" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "6987f5903561da8d4fa32c8d824593f601a49e13edfa2d617952d57ba3444f76" score = 75 quality = 80 
@@ -157076,8 +157177,8 @@ rule VOLEXITY_Apt_Malware_Win_Decrok : INKYPINE FILE MEMORY date = "2021-06-23" modified = "2023-09-28" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L62-L90" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L62-L90" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "6a452d088d60113f623b852f33f8f9acf0d4197af29781f889613fed38f57855" logic_hash = "a551700943d5abc95af00fc4fefd416ace8d59037852c6bc5caf1d6bd09afd63" score = 75 @@ -157110,8 +157211,8 @@ rule VOLEXITY_Apt_Malware_Win_Rokload : INKYPINE FILE date = "2021-06-23" modified = "2025-05-21" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L91-L112" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-08-24 - InkySquid Part 2/indicators/yara.yar#L91-L112" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "85cd5c3bb028fe6931130ccd5d0b0c535c01ce2bcda660a3b72581a1a5382904" logic_hash = "8d65d32fd5bc055ca0e3831d3db88299e7c99f8547a170d3c53ec2c4001496a3" score = 75 
@@ -157140,8 +157241,8 @@ rule VOLEXITY_Malware_Win_Backwash_Cpp : WHEELEDASH FILE MEMORY date = "2021-11-17" modified = "2023-11-13" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-12-06 - XEGroup/indicators/yara.yar#L3-L26" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-12-06 - XEGroup/indicators/yara.yar#L3-L26" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "c8ed2d3103aa85363acd7f5573aeb936a5ab5a3bacbcf1f04e6b298299f24dae" score = 75 quality = 80 @@ -157172,8 +157273,8 @@ rule VOLEXITY_Malware_Win_Iis_Shellsave : WHEELEDASH FILE MEMORY date = "2021-11-17" modified = "2023-08-17" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-12-06 - XEGroup/indicators/yara.yar#L27-L49" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-12-06 - XEGroup/indicators/yara.yar#L27-L49" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "f34d6f4ecaa4cde5965f6b0deac55c7133a2be96f5c466f34775be6e7f730493" score = 75 quality = 80 
@@ -157203,8 +157304,8 @@ rule VOLEXITY_Malware_Win_Backwash_Iis_Scout : WHEELEDASH FILE MEMORY date = "2021-11-17" modified = "2023-08-17" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-12-06 - XEGroup/indicators/yara.yar#L50-L78" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-12-06 - XEGroup/indicators/yara.yar#L50-L78" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "18c4e338905ff299d75534006037e63a8f9b191f062cc97b0592245518015f88" score = 75 quality = 80 @@ -157240,8 +157341,8 @@ rule VOLEXITY_Malware_Js_Xeskimmer : WHEELEDASH FILE date = "2021-11-17" modified = "2023-11-14" reference = "https://github.com/MBThreatIntel/skimmers/blob/master/null_gif_skimmer.js" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-12-06 - XEGroup/indicators/yara.yar#L79-L114" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-12-06 - XEGroup/indicators/yara.yar#L79-L114" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "cc46e9fab5f408fde13c3897d378a1a2e4acb448f40ca4935c19024ebdc252d7" score = 75 quality = 80 
@@ -157276,8 +157377,8 @@ rule VOLEXITY_Malware_Win_Backwash_Iis : WHEELEDASH FILE MEMORY date = "2020-09-04" modified = "2023-08-17" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-12-06 - XEGroup/indicators/yara.yar#L181-L208" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-12-06 - XEGroup/indicators/yara.yar#L181-L208" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "98e39573a3d355d7fdf3439d9418fdbf4e42c2e03051b5313d5c84f3df485627" logic_hash = "95a7f9e0afb031b49cd0da66b5a887d26ad2e06cce625bc45739b4a80e96ce9c" score = 75 @@ -157310,8 +157411,8 @@ rule VOLEXITY_Webshell_Aspx_Regeorgtunnel : FILE MEMORY date = "2021-03-02" modified = "2024-10-18" reference = "https://github.com/sensepost/reGeorg/blob/master/tunnel.aspx" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-03-02 - Operation Exchange Marauder/indicators/yara.yar#L26-L56" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-03-02 - Operation Exchange Marauder/indicators/yara.yar#L26-L56" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "406b680edc9a1bb0e2c7c451c56904857848b5f15570401450b73b232ff38928" logic_hash = "ea3d0532cb609682922469e8272dc8061efca3b3ae27df738ef2646e30404c6f" score = 75 
@@ -157340,14 +157441,14 @@ rule VOLEXITY_Webshell_Aspx_Regeorgtunnel : FILE MEMORY rule VOLEXITY_Apt_Webshell_Aspx_Sportsball : FILE MEMORY { meta: - description = "The SPORTSBALL webshell, observed in targeted Microsoft Exchange attacks." + description = "The SPORTSBALL webshell, observed in targeted Microsoft Exchange attacks in 2021. SPORTSBALL was later discovered to be a variant of HYPERSHELL, a publicly available webshell." author = "threatintel@volexity.com" id = "25b23a4c-8fc7-5d6f-b4b5-46fe2c1546d8" date = "2021-03-01" - modified = "2024-07-30" - reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-03-02 - Operation Exchange Marauder/indicators/yara.yar#L57-L88" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + modified = "2025-07-24" + reference = "https://github.com/misterch0c/APT34/blob/e62f3d14ec78bea5c98d3c895162ca1e47676c18/Webshells_and_Panel/HyperShell/HyperShell/Shell/simple.aspx" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-03-02 - Operation Exchange Marauder/indicators/yara.yar#L57-L89" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "2fa06333188795110bba14a482020699a96f76fb1ceb80cbfa2df9d3008b5b0a" logic_hash = "5ec5e52922e97a3080d397b69b2f42f09daa995271e218ea085fa2ec4e3abad2" score = 75 @@ -157359,7 +157460,7 @@ rule VOLEXITY_Apt_Webshell_Aspx_Sportsball : FILE MEMORY severity = "critical" license = "See license at https://github.com/volexity/threat-intel/blob/main/LICENSE.txt" rule_id = 4968 - version = 5 + version = 6 strings: $uniq1 = "HttpCookie newcook = new HttpCookie(\"fqrspt\", HttpContext.Current.Request.Form" 
@@ -157383,8 +157484,8 @@ rule VOLEXITY_Apt_Malware_Win_Flipflop_Ldr : COZYLARCH FILE MEMORY date = "2021-05-25" modified = "2025-05-21" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L3-L26" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L3-L26" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "ee42ddacbd202008bcc1312e548e1d9ac670dd3d86c999606a3a01d464a2a330" logic_hash = "a79d2b0700ae14f7a2af23c8f7df3df3564402b1137478008ccabefea0f543ad" score = 75 
@@ -157415,8 +157516,8 @@ rule VOLEXITY_Malware_Win_Cobaltstrike_D : FILE MEMORY date = "2021-05-25" modified = "2024-11-22" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L27-L54" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L27-L54" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "b041efb8ba2a88a3d172f480efa098d72eef13e42af6aa5fb838e6ccab500a7c" logic_hash = "751b6832f2952d369cb616b28ac009d7bfcc4d92bf2db36d87d69bc1e9fa6c75" score = 75 
@@ -157452,8 +157553,8 @@ rule VOLEXITY_Apt_Malware_Win_Freshfire : COZYLARCH FILE date = "2021-05-27" modified = "2025-05-21" reference = "https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L55-L87" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2021/2021-05-27 - Suspected APT29 Operation Launches Election Fraud Themed Phishing Campaigns/indicators/yara.yar#L55-L87" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" hash = "ad67aaa50fd60d02f1378b4155f69cffa9591eaeb80523489a2355512cc30e8c" logic_hash = "69cd73f5812ba955c1352fb1552774d5cf49019d6b65a304fd1e33f852e678ba" score = 75 
@@ -157486,11 +157587,11 @@ rule VOLEXITY_Webshell_Jsp_Godzilla : FILE MEMORY date = "2021-11-08" modified = "2024-07-30" reference = "https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L1-L34" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L1-L34" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "52cba9545f662da18ca6e07340d7a9be637b89e7ed702dd58cac545c702a00e3" score = 75 - quality = 55 + quality = 80 tags = "FILE, MEMORY" hash1 = "2786d2dc738529a34ecde10ffeda69b7f40762bf13e7771451f13a24ab7fc5fe" os = "win,linux" 
@@ -157522,8 +157623,8 @@ rule VOLEXITY_Susp_Jsp_General_Runtime_Exec_Req : FILE MEMORY date = "2022-02-02" modified = "2024-07-30" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L35-L56" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L35-L56" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "d3048aba80c1c39f1673931cd2d7c5ed83045603b0ad204073fd788d0103a6c8" score = 65 quality = 80 @@ -157552,8 +157653,8 @@ rule VOLEXITY_Webshell_Jsp_Regeorg : FILE MEMORY date = "2022-03-08" modified = "2024-09-20" reference = "https://github.com/SecWiki/WebShell-2/blob/master/reGeorg-master/tunnel.jsp" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L57-L86" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-08-10 Mass exploitation of (Un)authenticated Zimbra RCE CVE-2022-27925/yara.yar#L57-L86" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "cecb71605d9112d509823c26e40e1cf9cd6db581db448db5c9ffc63a2bfe529e" score = 75 quality = 80 
@@ -157587,8 +157688,8 @@ rule VOLEXITY_Webshell_Java_Behinder_Shellservice : FILE MEMORY date = "2022-03-18" modified = "2024-07-30" reference = "https://github.com/MountCloud/BehinderClientSource/blob/master/src/main/java/net/rebeyond/behinder/core/ShellService.java" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L1-L29" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L1-L29" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "373a8d4ef81e9bbbf1f24ebf0389e7da4b73f88786cc8e1d286ccc9f4c36debc" score = 75 quality = 30 
@@ -157623,8 +157724,8 @@ rule VOLEXITY_Malware_Golang_Pantegana : FILE MEMORY date = "2022-03-30" modified = "2025-03-21" reference = "https://github.com/elleven11/pantegana" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L89-L119" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L90-L120" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "791a664a6b4b98051cbfacb451099de085cbab74d73771709377ab68a5a23d2b" score = 75 quality = 80 @@ -157659,8 +157760,8 @@ rule VOLEXITY_Malware_Any_Pupyrat_B : FILE MEMORY date = "2022-04-07" modified = "2025-03-21" reference = "https://github.com/n1nj4sec/pupy" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L120-L157" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L121-L158" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "f5b5f35ee783ff1163072591c6d48a85894729156935650a0fd166ae22a2ea00" score = 75 quality = 80 
@@ -157700,8 +157801,8 @@ rule VOLEXITY_Susp_Php_Fileinput_Eval : FILE date = "2021-06-16" modified = "2024-12-12" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L158-L181" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L159-L182" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "de376bfdfa5b6244c414454cb5d43d29e3dd75e049389f0c430c160f9d198965" score = 65 quality = 80 @@ -157732,8 +157833,8 @@ rule VOLEXITY_Susp_Php_Call_User_Func : FILE date = "2021-06-16" modified = "2024-07-30" reference = "https://zhuanlan.zhihu.com/p/354906657" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L182-L204" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-06-15 DriftingCloud - Zero-Day Sophos Firewall Exploitation and an Insidious Breach/indicators/yara.yar#L183-L205" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "46c999da97682023861e58f9cd2c8651480db990a0361c1985c6d5c35b5bf0ea" score = 65 quality = 80 
@@ -157762,8 +157863,8 @@ rule VOLEXITY_Apt_Malware_Win_Applejeus_Oct22 : LAZYPINE FILE MEMORY date = "2022-11-03" modified = "2025-05-21" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L1-L22" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L1-L22" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "46f3325a7e8e33896862b1971f561f4871670842aecd46bcc7a5a1af869ecdc4" score = 75 quality = 80 
@@ -157792,8 +157893,8 @@ rule VOLEXITY_Apt_Malware_Win_Applejeus_B_Oct22 : LAZYPINE FILE MEMORY date = "2022-11-03" modified = "2025-05-21" reference = "https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L24-L54" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L24-L54" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "76f3c9692ea96d3cadbbcad03477ab6c53445935352cb215152b9b5483666d43" score = 75 quality = 80 
@@ -157825,8 +157926,8 @@ rule VOLEXITY_Apt_Malware_Win_Applejeus_C_Oct22 : LAZYPINE MEMORY date = "2022-11-03" modified = "2023-09-28" reference = "https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L57-L84" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L57-L84" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "a9e635d9353c8e5c4992beba79299fb889a7a3d5bc3eaf191f8bb7f51258a6c6" score = 75 quality = 80 
@@ -157859,8 +157960,8 @@ rule VOLEXITY_Apt_Malware_Win_Applejeus_D_Oct22 : LAZYPINE FILE MEMORY date = "2022-11-10" modified = "2025-05-21" reference = "https://www.volexity.com/blog/2022/12/01/buyer-beware-fake-cryptocurrency-applications-serving-as-front-for-applejeus-malware/" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L87-L112" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L87-L112" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "23c0642e5be15a75a39d089cd52f2f14d633f7af6889140b9ec6e53c5c023974" score = 75 quality = 80 
@@ -157892,8 +157993,8 @@ rule VOLEXITY_Apt_Delivery_Macro_Lazypine_Jeus_B : LAZYPINE FILE date = "2022-11-03" modified = "2025-05-21" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L114-L139" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L114-L139" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "e55199e6ad26894f98e930cd4716127ee868872d08ada1c44675e4db1ec27894" score = 75 quality = 80 @@ -157926,8 +158027,8 @@ rule VOLEXITY_Apt_Delivery_Office_Macro_Lazypine_Jeus : LAZYPINE FILE date = "2022-11-02" modified = "2025-05-21" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L141-L165" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-12-01 Buyer Beware - Fake Cryptocurrency Applications Serving as Front for AppleJeus Malware/yara.yar#L141-L165" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "54d5396b889a45d81122301eadf77f73135937fbe9647ad60491ac7856faf5ad" score = 75 quality = 80 
@@ -157959,8 +158060,8 @@ rule VOLEXITY_Apt_Malware_Js_Sharpext : SHARPPINE FILE MEMORY date = "2021-09-14" modified = "2025-05-21" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-07-28 SharpTongue SharpTongue Deploys Clever Mail-Stealing Browser Extension SHARPEXT/yara.yar#L1-L52" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-07-28 SharpTongue SharpTongue Deploys Clever Mail-Stealing Browser Extension SHARPEXT/yara.yar#L1-L52" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "0ed58c8646582ee36aeac650fac02d1e4962d45c0f6a24783c021d9267bed192" score = 75 quality = 80 @@ -158009,8 +158110,8 @@ rule VOLEXITY_Webshell_Jsp_Converge : FILE MEMORY CVE_2022_26134 date = "2022-06-01" modified = "2024-09-20" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-06-02 Active Exploitation Of Confluence 0-day/indicators/yara.yar#L1-L21" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-06-02 Active Exploitation Of Confluence 0-day/indicators/yara.yar#L1-L21" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "bb48516342eddd48c35e6db0eb74f95e116dc723503552b99ba721b5bdb391e5" score = 75 quality = 80 
@@ -158038,8 +158139,8 @@ rule VOLEXITY_Webshell_Java_Realcmd : FILE MEMORY date = "2022-06-01" modified = "2024-07-30" reference = "https://github.com/Freakboy/Behinder/blob/master/src/main/java/vip/youwe/sheller/payload/java/RealCMD.java" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-06-02 Active Exploitation Of Confluence 0-day/indicators/yara.yar#L61-L84" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-06-02 Active Exploitation Of Confluence 0-day/indicators/yara.yar#L61-L84" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "e09f2a23674fd73296dd4d1fabf1a2c812bfe69ff02abc96a4be35af6a18e512" score = 75 quality = 80 @@ -158070,8 +158171,8 @@ rule VOLEXITY_Apt_Malware_Win_Gimmick_Dotnet_Base : STORMBAMBOO FILE MEMORY date = "2020-03-16" modified = "2024-08-19" reference = "https://github.com/volexity/threat-intel" - source_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/2022/2022-03-22 GIMMICK/indicators/yara.yar#L60-L86" - license_url = "https://github.com/volexity/threat-intel/blob/1ef34c2e4704d1e6e6768c2d6800863bbae05a0d/LICENSE.txt" + source_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/2022/2022-03-22 GIMMICK/indicators/yara.yar#L60-L86" + license_url = "https://github.com/volexity/threat-intel/blob/809e5e28363540d57393bd4362af89066b1f2fbf/LICENSE.txt" logic_hash = "39a38ea189d5e840f9334cb7ec8f390444139b39c6f426906a8845f9a1ada9f7" score = 75 quality = 80 
@@ -158100,7 +158201,7 @@ rule VOLEXITY_Apt_Malware_Win_Gimmick_Dotnet_Base : STORMBAMBOO FILE MEMORY * YARA Rule Set * Repository Name: JPCERTCC * Repository: https://github.com/JPCERTCC/MalConfScan/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 19ec0d145535a6a4cfd37c0960114f455a8c343e * Number of Rules: 30 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) @@ -158944,7 +159045,7 @@ rule JPCERTCC_Elf_Wellmess : FILE * YARA Rule Set * Repository Name: SecuInfra * Repository: https://github.com/SIFalcon/Detection - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 2d7c66d7d16c7541bf2a9a83a7a6d334364a26fd * Number of Rules: 45 * Skipped: 0 (age), 11 (quality), 0 (score), 0 (importance) @@ -159606,7 +159707,7 @@ rule SECUINFRA_MALWARE_Emotet_Onenote_Delivery_Wsf_Mar23 license_url = "N/A" logic_hash = "ca48f5e694b18e3f0b89b0128817848a7d36f60d8a3ada522739849bf3f7126b" score = 75 - quality = 45 + quality = 70 tags = "" tlp = "CLEAR" hash0 = "dd9fcdcaf5c26fc27863c86aa65948924f23ab9faa261562cbc9d65ac80d33d4" @@ -159862,7 +159963,7 @@ rule SECUINFRA_HUNT_RTF_CVE_2023_21716_Mar23 : CVE_2023_21716 license_url = "N/A" logic_hash = "456008db725b8348f9f3851bb9aae9990e7613e1b9056846b121605c3e080297" score = 50 - quality = 45 + quality = 70 tags = "CVE-2023-21716" tlp = "CLEAR" @@ -160237,9 +160338,9 @@ rule SECUINFRA_SUSP_Powershell_Download_Temp_Rundll_1 : POWERSHELL DOWNLOAD * YARA Rule Set * Repository Name: RussianPanda * Repository: https://github.com/RussianPanda95/Yara-Rules - * Retrieval Date: 2025-09-07 - * Git Commit: 1ce9c0dec191b43d51ceb34234a12e63970b252c - * Number of Rules: 86 + * Retrieval Date: 2025-09-21 + * Git Commit: 51411489a2f384df8a4983387b83c78bcca9afc6 + * Number of Rules: 87 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) * * 
@@ -160256,7 +160357,7 @@ rule RUSSIANPANDA_Mal_Asuka_Stealer : FILE date = "2024-02-02" modified = "2024-03-18" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/AsukaStealer/mal_asuka_stealer.yar#L1-L12" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AsukaStealer/mal_asuka_stealer.yar#L1-L12" license_url = "N/A" logic_hash = "7974e0de821ddcafd4f00b27d587108f0d80f8a231dd0db4d2be4fa6ab44fef4" score = 75 @@ -160280,7 +160381,7 @@ rule RUSSIANPANDA_PSWSTEALER : FILE date = "2023-04-02" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/PSWSTEALER/pswstealer.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PSWSTEALER/pswstealer.yar#L1-L14" license_url = "N/A" logic_hash = "7d85b0ccaa07419f22b9f38a4bc66435cd689b21fa7e4584ef8bea485b6bd2c1" score = 75 @@ -160305,7 +160406,7 @@ rule RUSSIANPANDA_Win_Mal_Mpxdropper : FILE date = "2024-03-01" modified = "2024-03-01" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/MpxDropper/mal_win_MpxDropper.yar#L1-L11" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/MpxDropper/mal_win_MpxDropper.yar#L1-L11" license_url = "N/A" hash = "3a44a45afbfe5fc7cdeb3723e05c4e892b079abdb7d1e8d6fc70496ef0a14d5d" logic_hash = "e8d2672553c7f44e1cc177fad6596bd58b5c32a7541f91ce1207e6b21ef6e52d" 
@@ -160328,7 +160429,7 @@ rule RUSSIANPANDA_Aurorastealer_March_2023 date = "2023-03-23" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/AuroraStealer/Aurora_March_2023.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AuroraStealer/Aurora_March_2023.yar#L1-L15" license_url = "N/A" logic_hash = "d74d2843a03e826f334ce3c5eb10cc2b43cfd832174769e5d067fb877abe13a0" score = 75 @@ -160351,7 +160452,7 @@ rule RUSSIANPANDA_Aurorastealer_1 date = "2023-02-07" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/AuroraStealer/AuroraStealer.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AuroraStealer/AuroraStealer.yar#L1-L16" license_url = "N/A" logic_hash = "7a9900266a0dfa7bf0ea91a0260a1d30bd7799a491fba87db083f4fea4115f2a" score = 50 @@ -160376,7 +160477,7 @@ rule RUSSIANPANDA_Bandit_Stealer : FILE date = "2023-05-05" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/BanditStealer/bandit_stealer.yar#L3-L21" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/BanditStealer/bandit_stealer.yar#L3-L21" license_url = "N/A" logic_hash = "304bf05a58d5b762ffe078457739188692f4f7109db929418832c4379b21ae72" score = 50 
@@ -160399,7 +160500,7 @@ rule RUSSIANPANDA_Gh0Strat : FILE date = "2024-07-09" modified = "2024-07-09" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Gh0stRAT/Gh0stRAT.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Gh0stRAT/Gh0stRAT.yar#L1-L14" license_url = "N/A" hash = "678b06ecdbc9b186788cf960332566f9" logic_hash = "bc4bdad83a0e23273774c3d4812cabe9fa44897c8ff2e308004e03b4f1622cd5" @@ -160425,7 +160526,7 @@ rule RUSSIANPANDA_Win_Mal_Pregrabber : FILE date = "2025-02-13" modified = "2025-02-14" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/UNC4108/win_mal_PreGrabber.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_PreGrabber.yar#L1-L17" license_url = "N/A" hash = "f39319312a567fa771921d11ece66f3ce8996ba45f90d6fc89031b621535eb7e" logic_hash = "4fcf9c71d7e6b8b571f8452a19ccf0be6153def54ce6148915535a54711b0ff0" @@ -160454,7 +160555,7 @@ rule RUSSIANPANDA_Win_Mal_Formgrabber : FILE date = "2025-02-13" modified = "2025-02-14" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/UNC4108/win_mal_Formgrabber.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_Formgrabber.yar#L1-L14" license_url = "N/A" hash = "33ea72b46af7bb2ecc0775f7536d3259f34bd7a13e298cac66649ee694097c2e" logic_hash = "649e2a5b018b79d3d8534baf8432924f7ee197f26aebbfd384dd613c31d1b035" 
@@ -160480,7 +160581,7 @@ rule RUSSIANPANDA_Win_Mal_Mmgrabber : FILE date = "2025-02-13" modified = "2025-02-14" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/UNC4108/win_mal_mmgrabber.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_mmgrabber.yar#L1-L14" license_url = "N/A" hash = "40ebd719aa66a88e261633887ed4e2c144bd11fbcc6f7793f9b32652cc5bf2d3" logic_hash = "149c81b3c1a33933da0c181b8e8a90f40ba5fd8961d6340470790eb375c9695b" @@ -160506,7 +160607,7 @@ rule RUSSIANPANDA_Win_Mal_Ghostweaver : FILE date = "2025-02-15" modified = "2025-02-15" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/UNC4108/win_mal_GhostWeaver.yar#L1-L13" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_GhostWeaver.yar#L1-L13" license_url = "N/A" hash = "5051f0aa11da67e16797daa51992467ad45c5bf18dcd2e252e8aa63d3fce31bc" logic_hash = "6901fa0e7d5a911a0029536ac38d9a2a248fa72126114b10ea941cc8b4329d12" @@ -160531,7 +160632,7 @@ rule RUSSIANPANDA_Win_Mal_Juniperstealer : FILE date = "2025-02-13" modified = "2025-02-14" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/UNC4108/win_mal_JuniperStealer.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_JuniperStealer.yar#L1-L14" license_url = "N/A" hash = "44dc2777ee8dd6d5cd8ebb10e71caf73b330940131417b5fca2b174a264e19e3" logic_hash = "e3d05058bbb0e8e408f2b6cf24cb2462b6a3f237c3c464b891cda705b4968c02" 
@@ -160557,7 +160658,7 @@ rule RUSSIANPANDA_Win_Mal_Chromium_App_Bound_Encryption_Decrypter : FILE date = "2025-02-13" modified = "2025-02-14" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/UNC4108/win_mal_Chromium_app_bound_encryption_Decrypter.yar#L1-L26" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/UNC4108/win_mal_Chromium_app_bound_encryption_Decrypter.yar#L1-L26" license_url = "N/A" hash = "0f4dcfd8c9ada67a9b41033fc715d370399fd74ca94dbb8a1ea45b3785c88d02" logic_hash = "e871c9a6762c38baeed287e9350530c2c3cd02333b1830210ef74c258bd223b9" @@ -160595,7 +160696,7 @@ rule RUSSIANPANDA_Danabot date = "2023-12-01" modified = "2023-12-01" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/DanaBot/danabot_yara.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/DanaBot/danabot_yara.yar#L1-L17" license_url = "N/A" logic_hash = "4968531f27fa1a8bc3fca536a04b75277adefc42addb9f1999c564510cbcb684" score = 75 @@ -160622,7 +160723,7 @@ rule RUSSIANPANDA_Darkvnc : FILE date = "2024-01-15" modified = "2024-01-15" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/DarkVNC/darkvnc.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/DarkVNC/darkvnc.yar#L1-L15" license_url = "N/A" hash = "3c74dccd06605bcf527ffc27b3122959" logic_hash = "1dd1246e0b22181706433f0cff9b231017e747d8faaa2db4cb9adefeab492ab7" 
@@ -160648,7 +160749,7 @@ rule RUSSIANPANDA_Win_Mal_Zloader : FILE date = "2024-03-10" modified = "2024-03-10" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Zloader/win_mal_Zloader.yar#L1-L13" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Zloader/win_mal_Zloader.yar#L1-L13" license_url = "N/A" logic_hash = "9ac9e8ca4a6f84e1bccac2292705ee6ebbc1595eb3f40ed777f7973e9bda7fc1" score = 75 @@ -160673,7 +160774,7 @@ rule RUSSIANPANDA_Ghostgambit : FILE date = "2024-07-09" modified = "2024-07-09" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/GhostGambit/GhostGambit.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/GhostGambit/GhostGambit.yar#L1-L14" license_url = "N/A" hash = "2b16c68d9bafbd2ecf3634d991d7c794" logic_hash = "419efbea3c347d0ec9365c0c21cccb6f229f8c42d22a2bcfdf14854e7f83aea1" @@ -160699,7 +160800,7 @@ rule RUSSIANPANDA_Legionloader_Dropper : FILE date = "2024-09-23" modified = "2024-09-23" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.satacom" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/LegionLoader/LegionLoader_dropper.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/LegionLoader/LegionLoader_dropper.yar#L1-L17" license_url = "N/A" hash = "ef5b961ebc6167e728f9bf40e726ac71" logic_hash = "0871a6a0ab2c405793e8a49e662ba41acdcc6c8afac315f290de2cc05abd39fa" 
@@ -160724,7 +160825,7 @@ rule RUSSIANPANDA_Legionloader : FILE date = "2024-10-05" modified = "2024-12-30" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.satacom" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/LegionLoader/legionloader.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/LegionLoader/legionloader.yar#L1-L17" license_url = "N/A" hash = "3b630367b2942bd765f8a35bca47ea6b" logic_hash = "c833b22a6e87f6289e723a51ac9eb02848a4868c73ca9f568f6450e53c41a657" @@ -160749,7 +160850,7 @@ rule RUSSIANPANDA_Win_Mal_Gobitloader : FILE date = "2024-03-24" modified = "2024-03-24" reference = "https://www.malwarebytes.com/blog/threat-intelligence/2024/03/new-go-loader-pushes-rhadamanthys" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/GoBitLoader/win_mal_GoBitLoader.yar#L1-L13" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/GoBitLoader/win_mal_GoBitLoader.yar#L1-L13" license_url = "N/A" logic_hash = "66951b290bef6a6c9eef4ea674472465dfe0ec5072dce21f48b58191f7ce90e3" score = 75 @@ -160773,7 +160874,7 @@ rule RUSSIANPANDA_Mal_Nitrogen : FILE date = "2024-02-04" modified = "2024-02-04" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Nitrogen/mal_nitrogen.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Nitrogen/mal_nitrogen.yar#L1-L15" license_url = "N/A" logic_hash = "642d5a16c7fb217a297bba683221de474eb028ac48ec8f52be897eaa056acb9b" score = 75 
@@ -160800,7 +160901,7 @@ rule RUSSIANPANDA_Meduzastealer : FILE date = "2024-01-01" modified = "2024-01-01" reference = "https://russianpanda.com/2023/06/28/Meduza-Stealer-or-The-Return-of-The-Infamous-Aurora-Stealer/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/MeduzaStealer/MeduzaStealer_1-1-2024.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/MeduzaStealer/MeduzaStealer_1-1-2024.yar#L1-L16" license_url = "N/A" logic_hash = "0547e51abd04302c45f1319bc21046ade019bc98eb85d9cba67cb2109ff642eb" score = 75 @@ -160825,7 +160926,7 @@ rule RUSSIANPANDA_Mal_Msedge_Dll_Virusloader : FILE date = "2024-01-19" modified = "2024-01-19" reference = "https://blog.phylum.io/npm-package-found-delivering-sophisticated-rat/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/virusloader/mal_msedge_dll_virusloader.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/virusloader/mal_msedge_dll_virusloader.yar#L1-L16" license_url = "N/A" hash = "ab2e3b07170ef1516af3af0d03388868" logic_hash = "659fd5fa3121fec5bf4cceb6f3dea95bf4cbcde7441d6f11c35288d8ad75a803" @@ -160851,7 +160952,7 @@ rule RUSSIANPANDA_Metastealer date = "2023-11-16" modified = "2023-12-30" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/MetaStealer/metastealer.yar#L2-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/MetaStealer/metastealer.yar#L2-L19" license_url = "N/A" logic_hash = "f78b376713daf82aa2e0cbd6bf45f33d25530449fa05673c8a7c6b4c0dddca79" score = 75 
@@ -160877,7 +160978,7 @@ rule RUSSIANPANDA_Metastealer_NET_Reactor_Packer : FILE date = "2023-12-29" modified = "2023-12-30" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/MetaStealer/metastealer_12-2023_packer.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/MetaStealer/metastealer_12-2023_packer.yar#L1-L16" license_url = "N/A" logic_hash = "1951d8b05f11b8a77a5bf792ad2b0ad95b8dede936ab5cd0699383468c3c97a8" score = 75 @@ -160903,7 +161004,7 @@ rule RUSSIANPANDA_Metastealer_Core_Payload date = "2023-12-29" modified = "2023-12-29" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/MetaStealer/metastealer_core_payload_12-2023.yar#L2-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/MetaStealer/metastealer_core_payload_12-2023.yar#L2-L19" license_url = "N/A" logic_hash = "99a319023f2c1b714a70458bd33649d6cc343b500a409af12c2eb1ce38ba4241" score = 75 @@ -160929,7 +161030,7 @@ rule RUSSIANPANDA_Win_Mal_Koi_Loader_Decrypted : FILE date = "2024-04-04" modified = "2024-04-04" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Koi/win_mal_Koi_loader_decrypted.yar#L1-L12" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Koi/win_mal_Koi_loader_decrypted.yar#L1-L12" license_url = "N/A" hash = "1901593e0299930d46b963866f33a93b" logic_hash = "f73ada7185ff109afe1e186a0fb7b4420b3d0e04c93c7c5423243db97eb34e49" 
@@ -160953,7 +161054,7 @@ rule RUSSIANPANDA_Win_Mal_Koi_Loader : FILE date = "2024-04-04" modified = "2024-04-04" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Koi/win_mal_Koi_loader.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Koi/win_mal_Koi_loader.yar#L1-L14" license_url = "N/A" hash = "47e208687c2fb40bdbaa17e368aaa1bd" logic_hash = "4f909865c6d274804c3fa7f66822d7bea71bb93e7c6a422ebaf220df056ac095" @@ -160979,7 +161080,7 @@ rule RUSSIANPANDA_Win_Mal_Koistealer_PS date = "2024-04-04" modified = "2024-04-04" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Koi/win_mal_KoiStealer_PS.yar#L1-L12" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Koi/win_mal_KoiStealer_PS.yar#L1-L12" license_url = "N/A" hash = "4f55be0b55ec67dfda42b88e9c743a2a" logic_hash = "8a60a1d770eb4b5048762ddfd4657fdf7a430b09eb454ae5a5bb3103460907db" @@ -161004,7 +161105,7 @@ rule RUSSIANPANDA_Purelogs_Stealer_Core : FILE date = "2023-12-26" modified = "2024-01-10" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Pure Logs Stealer/purelogs_stealer_core.yar#L3-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Pure Logs Stealer/purelogs_stealer_core.yar#L3-L18" license_url = "N/A" logic_hash = "7388299ebcc70aeb86c46c29a787f790993a67148d9f3968def1109e45f69452" score = 75 
@@ -161028,7 +161129,7 @@ rule RUSSIANPANDA_Purelogs_Stealer_Initial_Dropper : FILE date = "2024-01-10" modified = "2024-01-10" reference = "https://russianpanda.com/2023/12/26/Pure-Logs-Stealer-Malware-Analysis/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Pure Logs Stealer/purelogs_stealer_initial_payload.yar#L1-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Pure Logs Stealer/purelogs_stealer_initial_payload.yar#L1-L19" license_url = "N/A" logic_hash = "0fe94c705b94f82163f952d0a29aac4689947a1d439bdc1847ee510c25cf2e40" score = 75 @@ -161054,7 +161155,7 @@ rule RUSSIANPANDA_Mal_Xred_Backdoor : FILE date = "2024-02-09" modified = "2024-02-09" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/XRed_Backdoor/mal_xred_backdoor.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/XRed_Backdoor/mal_xred_backdoor.yar#L1-L18" license_url = "N/A" hash = "9e1fbae3a659899dde8db18a32daa46a" logic_hash = "36d138a0efade1d5c075662dc528235fe66b49879730db78c4c7290fec7420b5" @@ -161082,7 +161183,7 @@ rule RUSSIANPANDA_Solardropper date = "2024-01-03" modified = "2024-01-03" reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/SolarMarker/solardropper.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SolarMarker/solardropper.yar#L1-L15" license_url = "N/A" logic_hash = "5dccb7be94e814335c0c867f8b3dd8855043375fe9f1235d5519c690fc7df842" score = 75 
@@ -161106,7 +161207,7 @@ rule RUSSIANPANDA_Solarmarker_First_Stage_Payload : FILE date = "2024-01-30" modified = "2024-01-30" reference = "https://x.com/luke92881/status/1751968350689771966?s=20" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/SolarMarker/solarmarker_first_stage_payload.yar#L1-L21" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SolarMarker/solarmarker_first_stage_payload.yar#L1-L21" license_url = "N/A" hash = "f53563541293a826738d3b8f1164ea43" logic_hash = "e704614782b0f3cba60c53413e889113d2d44f37e60801205e5ed5ff921b13ee" @@ -161136,7 +161237,7 @@ rule RUSSIANPANDA_Solarphantom : FILE date = "2023-12-11" modified = "2023-12-11" reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/SolarMarker/solarphantom.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SolarMarker/solarphantom.yar#L1-L16" license_url = "N/A" logic_hash = "3b49d301e625d5abf1b726481a80d6a97d33acd3301c12964f2f37d37130c1b7" score = 75 @@ -161161,7 +161262,7 @@ rule RUSSIANPANDA_Solarmarker_Loader : FILE date = "2024-01-04" modified = "2024-01-04" reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/SolarMarker/solarmarker_backdoor.yar#L3-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SolarMarker/solarmarker_backdoor.yar#L3-L19" license_url = "N/A" hash = "8eeefe0df0b057fc866b8d35625156de" logic_hash = "035eccb41f2ecdeb196003542c165cedad96e3e8e741511b4beda3dfe1ece74e" 
@@ -161184,7 +161285,7 @@ rule RUSSIANPANDA_Solarmarker_Loader_PS2EXE : FILE date = "2024-01-04" modified = "2024-01-04" reference = "https://www.esentire.com/blog/solarmarker-to-jupyter-and-back" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/SolarMarker/solarmarker_loader.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SolarMarker/solarmarker_loader.yar#L1-L17" license_url = "N/A" hash = "b45c31679c2516b38c7ff8c395f1d11d" logic_hash = "4f579f350c3320e7b811cae0efe7302e852f59adc02d805f64ba464f8a995f25" @@ -161210,7 +161311,7 @@ rule RUSSIANPANDA_Swaetrat date = "2023-11-27" modified = "2023-11-27" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/SwaetRAT/swaetrat.yar#L3-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SwaetRAT/swaetrat.yar#L3-L19" license_url = "N/A" logic_hash = "4dc1107a34d678c3fa0939fab7986fe744ac246400823d08b1ab6db0942821da" score = 75 @@ -161235,7 +161336,7 @@ rule RUSSIANPANDA_Raccoonstealer : FILE date = "2024-01-08" modified = "2024-01-08" reference = "https://www.esentire.com/blog/esentire-threat-intelligence-malware-analysis-raccoon-stealer-v2-0" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/RaccoonStealer_v2/raccoonstealer_v2.3.1.1.yar#L1-L20" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/RaccoonStealer_v2/raccoonstealer_v2.3.1.1.yar#L1-L20" license_url = "N/A" hash = "c6d0d98dd43822fe12a1d785df4e391db3c92846b0473b54762fbb929de6f5cb" logic_hash = "ee2b39c1c2068b97e63a03330a2f9e2f12e53aaf9cfffb274acde2372a11fe45" 
@@ -161263,7 +161364,7 @@ rule RUSSIANPANDA_Raccoonstealerv2 : FILE date = "2023-04-17" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/RaccoonStealer_v2/raccoonstealerv2_2.1.0-4_build.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/RaccoonStealer_v2/raccoonstealerv2_2.1.0-4_build.yar#L1-L14" license_url = "N/A" logic_hash = "e2226f08753a3571045953363c04ec52de3c79cd0cd29e7ecb6afaf2ad573e4e" score = 50 @@ -161289,7 +161390,7 @@ rule RUSSIANPANDA_Mal_Botnetfenix_Payload : FILE date = "2024-02-02" modified = "2024-02-04" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/FenixBotnet/mal_BotnetFenix_Payload.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/FenixBotnet/mal_BotnetFenix_Payload.yar#L1-L16" license_url = "N/A" hash = "65a9575c50a96d04a3f649fe0f6b8ccd" logic_hash = "27f423b509ad8de0f8389c7b3e3bfec2eeb10c964aa8c70bad47cc4334df1a5e" @@ -161317,7 +161418,7 @@ rule RUSSIANPANDA_Mal_Fenixbotnet_Jse date = "2024-01-18" modified = "2024-02-02" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/FenixBotnet/mal_FenixBotnet_jse.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/FenixBotnet/mal_FenixBotnet_jse.yar#L1-L14" license_url = "N/A" hash = "a7fadf0050d4d0b2cefd808e16dfde69" logic_hash = "848c00361fba60e63e8ec4098404e87d4ba2b11d8489ad16d49c20fc653a5e45" 
@@ -161343,7 +161444,7 @@ rule RUSSIANPANDA_Sentinel_Stealer date = "2024-01-19" modified = "2024-01-19" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/SentinelStealer/sentinel_stealer.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SentinelStealer/sentinel_stealer.yar#L1-L14" license_url = "N/A" hash = "3a540a8a81c5a5b452f154d7875423a3" logic_hash = "b9d72848842ea4d26544633bb83fccd17239b28493bde3f73341eb2004d8ee0c" @@ -161368,7 +161469,7 @@ rule RUSSIANPANDA_Win_Mal_Glorysprout_Stealer : FILE date = "2024-03-16" modified = "2024-03-16" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/GlorySprout/win_mal_GlorySprout_Stealer.yar#L1-L13" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/GlorySprout/win_mal_GlorySprout_Stealer.yar#L1-L13" license_url = "N/A" hash = "8996c252fc41b7ec0ec73ce814e84136be6efef898822146c25af2330f4fd04a" logic_hash = "c843f7924e69c1b9fc3676178aa630319fe25605deddcd73c4905c51cc97d7eb" @@ -161393,7 +161494,7 @@ rule RUSSIANPANDA_Win_Mal_Stealc_V2 : FILE date = "2025-04-10" modified = "2025-04-10" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/StealC/win_mal_StealC_v2.yar#L1-L12" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/StealC/win_mal_StealC_v2.yar#L1-L12" license_url = "N/A" hash = "bc7e489815352f360b6f0c0064e1d305db9150976c4861b19b614be0a5115f97" logic_hash = "1715ef4e1914a50d8f4a0644ddfd7f9bb2b6f0ec0dfc77615dce4dd5fc943166" 
@@ -161417,7 +161518,7 @@ rule RUSSIANPANDA_Susp_Obf_Py_Marshal_Module : FILE date = "2024-01-16" modified = "2024-01-16" reference = "https://www.trendmicro.com/fr_fr/research/23/j/infection-techniques-across-supply-chains-and-codebases.html" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Techniques/susp_obf_py_marshal_module.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Techniques/susp_obf_py_marshal_module.yar#L1-L18" license_url = "N/A" hash = "d740129ff6bdb65a324eadf4ac8de3893a54306cf2a11712a305ef6247204092" logic_hash = "f150fae6d7a4642f714f4620dab65f452e5eb9cb57e9cbea46010aac3ecbb3cb" @@ -161444,7 +161545,7 @@ rule RUSSIANPANDA_Check_Installed_Software : FILE date = "2024-01-14" modified = "2024-01-15" reference = "https://unprotect.it/technique/checking-installed-software/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Techniques/check_installed_software.yar#L1-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Techniques/check_installed_software.yar#L1-L19" license_url = "N/A" hash = "db44d4cd1ea8142790a6b26880b41ee23de5db5c2a63afb9ee54585882f1aa07" logic_hash = "ab079f1edaffca5bce1e872d6e4fc44f7c22b9260feaed7cd38e578646d420ef" 
@@ -161470,7 +161571,7 @@ rule RUSSIANPANDA_Golang_Base64_Enc : FILE date = "2024-01-10" modified = "2024-01-14" reference = "https://unprotect.it/technique/base64/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Techniques/golang_base64_enc.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Techniques/golang_base64_enc.yar#L1-L18" license_url = "N/A" hash = "509a359b4d0cd993497671b91255c3775628b078cde31a32158c1bc3b2ce461c" logic_hash = "72cf3ee948df9c4ce593f16a49397e79fdc5ecc3264b3685bbc54f60ed1278bd" @@ -161496,7 +161597,7 @@ rule RUSSIANPANDA_Win_Sus_Internetshortcutfile date = "2024-02-17" modified = "2024-02-17" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Techniques/win_sus_InternetShortcutFile.yar#L1-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Techniques/win_sus_InternetShortcutFile.yar#L1-L19" license_url = "N/A" logic_hash = "9ec321ba521949fcc1db09b843913424182bfbb14eac61e92b7132d88b275ceb" score = 65 @@ -161526,7 +161627,7 @@ rule RUSSIANPANDA_Easycrypter : FILE date = "2024-01-05" modified = "2024-01-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/EasyCrypter/easycrypter.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/EasyCrypter/easycrypter.yar#L1-L16" license_url = "N/A" hash = "60063c99fda3b6c5c839ec1c310b03e8f9c7c8823f2eb7bf75e22c6d738ffa8f" logic_hash = "761ed4629150453009b76d9c2ad251754009b464550b92dab3395fa30422f6ef" 
@@ -161550,7 +161651,7 @@ rule RUSSIANPANDA_Mal_Cleanuploader : FILE date = "2024-02-14" modified = "2024-02-14" reference = "https://x.com/AnFam17/status/1757871703282077857?s=20" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/CleanUpLoader/mal_cleanuploader.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/CleanUpLoader/mal_cleanuploader.yar#L1-L14" license_url = "N/A" hash = "2b62dd154b431d8309002d5b4a35de07" logic_hash = "a9267c568c11420e36f0781469aa7d932c87d52707981912558eb0f4f84f673a" @@ -161576,7 +161677,7 @@ rule RUSSIANPANDA_Workersdevbackdoor : FILE date = "2023-12-15" modified = "2024-01-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/WorkersDevBackdoor/WorkDevBackdoor.yar#L3-L20" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/WorkersDevBackdoor/WorkDevBackdoor.yar#L3-L20" license_url = "N/A" logic_hash = "f92ad9dc657d87a47e539ea2ee896f9b86bb95e51a890a838c6e6b0efa5deb7d" score = 75 @@ -161601,7 +161702,7 @@ rule RUSSIANPANDA_Workersdevbackdoor_PS : FILE date = "2023-12-15" modified = "2023-12-15" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/WorkersDevBackdoor/WorkersDevBackdoor_PS.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/WorkersDevBackdoor/WorkersDevBackdoor_PS.yar#L1-L18" license_url = "N/A" logic_hash = "c71eed8fd7a44f3018150cc6ef55d10779093ed8e4c77fd9babcf9b1b9fadfda" score = 75 
@@ -161628,7 +161729,7 @@ rule RUSSIANPANDA_Johnwalkertexasloader_V2 : FILE date = "2024-10-15" modified = "2024-10-15" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/JWTL/JohnWalkerTexasLoader_v2.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/JWTL/JohnWalkerTexasLoader_v2.yar#L1-L16" license_url = "N/A" hash = "9f6bf0473f5541d84faad4c33a0bc5b1928fceb5938f2d6a7e6e02b7f0980341" logic_hash = "70cbf6cf0602dc8087f4845451d13d0043872733615050161c077e3346387873" @@ -161653,7 +161754,7 @@ rule RUSSIANPANDA_Johnwalkertexasloader : FILE date = "2024-10-10" modified = "2024-10-10" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/JWTL/JohnWalkerTexasLoader.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/JWTL/JohnWalkerTexasLoader.yar#L1-L16" license_url = "N/A" hash = "3784fc39dc5c0dec08ad0a49bbbb990359e313a9fa87e6842fd67ed7cc1c0baa" logic_hash = "414be3219d12823639d140d132a9bbc2ca7bf8c44d0c560e4a49b76323be3f8a" @@ -161679,7 +161780,7 @@ rule RUSSIANPANDA_Andeloader date = "2023-12-11" modified = "2023-12-11" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/AndeLoader/ande_loader.yar#L3-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AndeLoader/ande_loader.yar#L3-L18" license_url = "N/A" logic_hash = "cd55153077e5cfbd84cbe5b062dbd842def245417acfea4ed6c2b1db702dcc81" score = 75 
@@ -161703,7 +161804,7 @@ rule RUSSIANPANDA_Jinxloader : FILE date = "2024-01-02" modified = "2024-01-02" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/JinxLoader/JinxLoader-1-2-2024.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/JinxLoader/JinxLoader-1-2-2024.yar#L1-L16" license_url = "N/A" hash = "6bd7ff5d764214f239af2bb58b368308c2d04f1147678c2f638f37a893995f71" logic_hash = "13dee435fb4d40c629c0a30b6f655b87f14b10a6f6acf61d00e6c692c9bb0ff1" @@ -161729,7 +161830,7 @@ rule RUSSIANPANDA_Win_Mal_Xworm : FILE date = "2024-03-11" modified = "2024-03-11" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/XWorm/win_mal_XWorm.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/XWorm/win_mal_XWorm.yar#L1-L15" license_url = "N/A" hash = "fc422800144383ef6e2e0eee37e7d6ba" logic_hash = "c42544285517dc61628e8df2ee5ab6733924fbb2cc08b9b2df273eec0a401d90" @@ -161756,7 +161857,7 @@ rule RUSSIANPANDA_Vidar_DLL_Embedded date = "2023-05-02" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/VidarStealer/vidar_ver3.6_3.7_dll_embedded.yar#L1-L21" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/VidarStealer/vidar_ver3.6_3.7_dll_embedded.yar#L1-L21" license_url = "N/A" logic_hash = "98d23523c2ab196f670dc33164954fc69a1c1692fa870a476e25d7dd3cebace2" score = 75 
@@ -161785,7 +161886,7 @@ rule RUSSIANPANDA_Neptune_Loader : FILE date = "2024-01-17" modified = "2024-01-21" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/NeptuneLoader/neptune_loader.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/NeptuneLoader/neptune_loader.yar#L1-L18" license_url = "N/A" logic_hash = "ca54b8a624d48aa28bc727420f25e6f0fd67b193ac79443a357d88a9fe7cbdbb" score = 75 @@ -161813,7 +161914,7 @@ rule RUSSIANPANDA_Truecrypt_Crypter : FILE date = "2024-01-06" modified = "2024-01-06" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/TrueCrypt/truecrypt_crypter.yar#L1-L27" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/TrueCrypt/truecrypt_crypter.yar#L1-L27" license_url = "N/A" hash = "167637397fb45ea19bafcf208d8f27dceec82caa7ab19d40ecdb08eb1b7d4f60" logic_hash = "68612c68053e9fb81d9616c04b04ac2e2cb685f3b7ed71f8b31e8f22e3a539e7" @@ -161844,7 +161945,7 @@ rule RUSSIANPANDA_Lummac2 : FILE date = "2024-09-12" modified = "2024-09-12" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/LummaC2/LummaC2.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/LummaC2/LummaC2.yar#L1-L14" license_url = "N/A" hash = "988f54f9694dd1ae701bacec3b83c752" logic_hash = "875709f48ff93c8e986f3c1d2e32268bf3458d870082072e7727d8ec85b1a021" 
@@ -161868,7 +161969,7 @@ rule RUSSIANPANDA_Win_Mal_Planetstealer : FILE date = "2024-03-04" modified = "2024-03-24" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/PlanetStealer/win_mal_PlanetStealer.yar#L1-L14" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PlanetStealer/win_mal_PlanetStealer.yar#L1-L14" license_url = "N/A" logic_hash = "e1660d6fed4c48b45b40bd51fb52254c5b19ca6f1938b68f2344bde473820b86" score = 75 @@ -161894,7 +161995,7 @@ rule RUSSIANPANDA_Pikabot_1 : FILE date = "2024-01-02" modified = "2024-01-02" reference = "https://research.openanalysis.net/pikabot/debugging/string%20decryption/2023/11/12/new-pikabot.html" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/PikaBot/Pikabot_1-2-2024.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PikaBot/Pikabot_1-2-2024.yar#L1-L16" license_url = "N/A" logic_hash = "f2dd26c23aba72c2b6b959fb411381b7d3a7466f94bf5259f57e96e44d3ee153" score = 75 @@ -161918,7 +162019,7 @@ rule RUSSIANPANDA_Zharkbot : FILE date = "2024-01-21" modified = "2024-03-12" reference = "https://x.com/ViriBack/status/1749184882822029564?s=20" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/ZharkBot/zharkbot.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/ZharkBot/zharkbot.yar#L1-L15" license_url = "N/A" hash = "d53ce8c0a8a89c2e3eb080849da8b1c47eaac614248fc55d03706dd5b4e10bdd" logic_hash = "ffaec6b19dd4385cd1bc156fdfde39a356367c7fba4135c48a8de62a18a78576" 
@@ -161942,7 +162043,7 @@ rule RUSSIANPANDA_Zharkbot_1 : FILE date = "2024-09-02" modified = "2024-09-03" reference = "https://research.openanalysis.net/zharkbot/triage/x64dbg/2024/09/02/zharkbot-config.html" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/ZharkBot/Zharkbot.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/ZharkBot/Zharkbot.yar#L1-L15" license_url = "N/A" hash = "1aa0622a744ec4d28a561bac60ec5e907476587efbadfde546d2b145be4b8109" logic_hash = "fded6a0c7af4fda13619778669ef619f88b43e12f12284a3c551c4fddac01024" @@ -161957,6 +162058,31 @@ rule RUSSIANPANDA_Zharkbot_1 : FILE condition: uint16( 0 ) == 0x5A4D and all of them and filesize < 500KB } +rule RUSSIANPANDA_Win_Ransom_Lockbit5 : FILE +{ + meta: + description = "Detects LockBit 5.0" + author = "RussianPanda" + id = "bfe66503-fdd1-5a9a-9509-5b97efaabd9b" + date = "2025-09-15" + modified = "2025-09-15" + reference = "https://github.com/RussianPanda95/Yara-Rules" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Ransomware/win_ransom_lockbit5.0.yar#L1-L15" + license_url = "N/A" + hash = "7ea5afbc166c4e23498aa9747be81ceaf8dad90b8daa07a6e4644dc7c2277b82" + logic_hash = "579944626f576ce9771b0a7de40a5766221acd5db1ef4257a45314a99714067d" + score = 75 + quality = 85 + tags = "FILE" + + strings: + $s1 = {C6 41 0F 00 0F B6 ?? 33 ?? 89} + $s2 = {0F B6 ?? 0F C1 ?? 18 31} + $s3 = {83 ?? 02 83 ?? 0F D0 84 ?? ?? 00 00 00} + + condition: + all of ( $s* ) and uint16( 0 ) == 0x5A4D and filesize < 1MB +} rule RUSSIANPANDA_Atomic_Stealer : FILE { meta: 
@@ -161966,7 +162092,7 @@ rule RUSSIANPANDA_Atomic_Stealer : FILE date = "2024-01-13" modified = "2024-01-17" reference = "https://www.bleepingcomputer.com/news/security/macos-info-stealers-quickly-evolve-to-evade-xprotect-detection/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/AtomicStealer/Atomic_Stealer.yar#L1-L27" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AtomicStealer/Atomic_Stealer.yar#L1-L27" license_url = "N/A" hash = "dd8aa38c7f06cb1c12a4d2c0927b6107" logic_hash = "7601e508aeccba943b54e675212993920c984271f655e68c19efaf6d12cfebd5" @@ -161995,7 +162121,7 @@ rule RUSSIANPANDA_Smartapesg_JS_Netsupportrat_Stage2 : FILE date = "2024-01-11" modified = "2024-01-12" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/SmartApeSG/SmartApeSG_JS_NetSupportRAT_stage2.yar#L1-L23" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SmartApeSG/SmartApeSG_JS_NetSupportRAT_stage2.yar#L1-L23" license_url = "N/A" hash = "67d8f84b37732cf85e05b327ad6b6a9f" logic_hash = "5a2afaa14d513e0a3c4e52acfb433e53a4541983a05d15318a217c14dc06453c" 
@@ -162024,12 +162150,12 @@ rule RUSSIANPANDA_Smartapesg_JS_Dropper_Stage1 : FILE date = "2024-01-11" modified = "2024-01-11" reference = "https://medium.com/walmartglobaltech/smartapesg-4605157a5b80" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/SmartApeSG/SmartApeSG_JS_dropper_stage1.yar#L1-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/SmartApeSG/SmartApeSG_JS_dropper_stage1.yar#L1-L18" license_url = "N/A" hash = "8769d9ebcf14b24a657532cd96f9520f54aa0e799399d840285311dfebe3fb15" logic_hash = "de7e4ec30c780699b46de7baf2a916fdb7331da2ee7c2d637422ea664cd03b82" score = 75 - quality = 60 + quality = 85 tags = "FILE" strings: @@ -162053,7 +162179,7 @@ rule RUSSIANPANDA_Win_Mal_Rustydropper : FILE date = "2024-03-01" modified = "2024-03-01" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/RustyDropper/win_mal_RustyDropper.yar#L1-L12" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/RustyDropper/win_mal_RustyDropper.yar#L1-L12" license_url = "N/A" hash = "a3a5e7011335a2284e2d4f73fd464ff129f0c9276878a054c1932bc50608584b" logic_hash = "d0c76bcd1af63cc1b1fbabc3fa33e6caafd7d9c7c3780a94a1ed37eadef655d7" 
@@ -162078,7 +162204,7 @@ rule RUSSIANPANDA_Ducktail_Myrdpservice_Bot : FILE date = "2023-12-24" modified = "2023-12-26" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Ducktail/ducktail_myrdpservice-12-2023.yar#L3-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Ducktail/ducktail_myrdpservice-12-2023.yar#L3-L17" license_url = "N/A" logic_hash = "a329067fbb2acc34c4970167bbce0706c5a3ec09ee89ce16817c105ae1c17b1b" score = 75 @@ -162102,7 +162228,7 @@ rule RUSSIANPANDA_Ducktail : FILE date = "2023-04-25" modified = "2023-05-05" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Ducktail/ducktail.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Ducktail/ducktail.yar#L1-L16" license_url = "N/A" logic_hash = "cb248870f6945d7a6d60d54944dc726d40ba326448af39b87325ec56445602a5" score = 75 @@ -162130,7 +162256,7 @@ rule RUSSIANPANDA_Ducktail_Mainbot : FILE date = "2023-12-24" modified = "2023-12-26" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Ducktail/ducktail_mainbot-12-2023.yar#L3-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Ducktail/ducktail_mainbot-12-2023.yar#L3-L19" license_url = "N/A" logic_hash = "33b85c6e1e1137aeeb07eba957b73d738a70ddc561b42bd2d39258e90280fca4" score = 75 
@@ -162155,7 +162281,7 @@ rule RUSSIANPANDA_Garystealer : FILE date = "2024-01-03" modified = "2024-01-03" reference = "https://cybersecurity.att.com/blogs/labs-research/behind-the-scenes-jaskagos-coordinated-strike-on-macos-and-windows" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/GaryStealer/garystealer-1-3-2024.yar#L1-L20" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/GaryStealer/garystealer-1-3-2024.yar#L1-L20" license_url = "N/A" hash = "6efa29a0f9d112cfbb982f7d9c0ddfe395b0b0edb885c2d5409b33ad60ce1435" logic_hash = "f71655d0cb237c08af9c298ec9eec1ae9bd1efd50e26d61afddf9056b6883a15" @@ -162181,7 +162307,7 @@ rule RUSSIANPANDA_Obfuscation_Powershell_Special_Chars date = "2024-01-12" modified = "2024-02-02" reference = "https://perl-users.jp/articles/advent-calendar/2010/sym/11" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/PowerShell Obfuscation/obfuscation_powershell_special_chars.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PowerShell Obfuscation/obfuscation_powershell_special_chars.yar#L1-L15" license_url = "N/A" hash = "d77efad78ef3afc5426432597ba129141952719846bc5ccd058249bb23d8a905" logic_hash = "4cc4ebffe7bf712b412a060536acc51d94381d24b46e5494195ae17482076cd6" 
@@ -162207,7 +162333,7 @@ rule RUSSIANPANDA_Mal_Narniarat : FILE date = "2024-02-02" modified = "2024-02-02" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/NarniaRAT/mal_NarniaRAT.yar#L1-L16" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/NarniaRAT/mal_NarniaRAT.yar#L1-L16" license_url = "N/A" hash = "43f6c3f92a025d12de4c4f14afa5d098" logic_hash = "3ee8bf6b3970c6f56ca98c87752050217e350da160a650e1724b19f340bf0230" @@ -162235,7 +162361,7 @@ rule RUSSIANPANDA_AMOS_Stealer : FILE date = "2025-03-31" modified = "2025-04-11" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/AMOS/amos_stealer.yar#L1-L24" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AMOS/amos_stealer.yar#L1-L24" license_url = "N/A" hash = "55663778a8c593b77a82ea1be072c73dd6a1d7a9567bbfbfad7d3dec9f672996" logic_hash = "64bf0753e2696633ed255df9350a01cb1e75fd6e6c0d4fe48194927acf7e2363" @@ -162259,7 +162385,7 @@ rule RUSSIANPANDA_AMOS_Stealer_1 : FILE date = "2025-04-11" modified = "2025-04-11" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/AMOS/amos_stealer_4_25.yar#L1-L24" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/AMOS/amos_stealer_4_25.yar#L1-L24" license_url = "N/A" hash = "55663778a8c593b77a82ea1be072c73dd6a1d7a9567bbfbfad7d3dec9f672996" logic_hash = "dffaf67bdfb8db07f69fb00720a6638e7a89db2acc1d848d635031a0aec5bdd3" 
@@ -162284,7 +162410,7 @@ rule RUSSIANPANDA_Purecrypter : FILE date = "2024-01-09" modified = "2024-01-09" reference = "https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/PureCrypter/purecrypter.yar#L3-L22" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PureCrypter/purecrypter.yar#L3-L22" license_url = "N/A" hash = "566d8749e166436792dfcbb5e5514f18c9afc0e1314833ac2e3d86f37ff2030f" logic_hash = "dd8592fa0b7d240d23235008601500a20e068032f6dcd6e90a38b06ac747b8af" @@ -162312,7 +162438,7 @@ rule RUSSIANPANDA_Purecrypter_Core : FILE date = "2024-01-09" modified = "2024-01-09" reference = "https://www.zscaler.com/blogs/security-research/technical-analysis-purecrypter" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/PureCrypter/purecrypter_core.yar#L3-L28" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/PureCrypter/purecrypter_core.yar#L3-L28" license_url = "N/A" hash = "e4faa7d7a098414449abffb210fd874798207ee9d27643c8088676ff429b56b7" logic_hash = "8c761a98369436ffbe1379152461753778985a42ae656567018b47c71af7d866" @@ -162342,7 +162468,7 @@ rule RUSSIANPANDA_Darkgate_Autoit date = "2024-01-26" modified = "2024-01-26" reference = "https://yara.readthedocs.io/en/stable/writingrules.html?highlight=xor" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/DarkGate/darkgate_autoit.yar#L1-L19" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/DarkGate/darkgate_autoit.yar#L1-L19" license_url = "N/A" hash = "e1803b01e3f187355dbeb87a0c91b76c" logic_hash = "dda6726d09035d6f61ca331d18ed37f032c6f6a5ab88e1754a21587f4c79ac87" 
@@ -162371,7 +162497,7 @@ rule RUSSIANPANDA_Prysmax_Stealer : FILE date = "2024-01-09" modified = "2024-01-10" reference = "https://www.cyfirma.com/outofband/new-maas-prysmax-launches-fully-undetectable-infostealer/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/Prysmax Stealer/prysmax_stealer.yar#L1-L21" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/Prysmax Stealer/prysmax_stealer.yar#L1-L21" license_url = "N/A" logic_hash = "869eee7dd5209bdea98c248791b9ac911e3daabe6d440aa62aecefa43539a41c" score = 75 @@ -162399,7 +162525,7 @@ rule RUSSIANPANDA_Illyrianstealer : FILE date = "2024-01-08" modified = "2024-01-08" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/IllyrianStealer/illyrian_stealer.yar#L2-L18" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/IllyrianStealer/illyrian_stealer.yar#L2-L18" license_url = "N/A" hash = "fae0aed6173804e8c22027cbb0c121eedd927f16ea7e2b23662dbe6e016980e8" logic_hash = "2012d401d3e7ce2d4d6ea12ed01a30b7d3e18f4ed47dbf70d43bae6c328960ea" @@ -162425,7 +162551,7 @@ rule RUSSIANPANDA_Fakebat_Powershell date = "2023-12-01" modified = "2023-12-01" reference = "https://github.com/RussianPanda95/Yara-Rules" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/FakeBat/fakebat_powershell.yar#L1-L13" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/FakeBat/fakebat_powershell.yar#L1-L13" license_url = "N/A" logic_hash = "df6b30d97ac6c9b248fed0d901e8a0a6ad1d855483a5006b008b839d9961092a" score = 75 
@@ -162448,7 +162574,7 @@ rule RUSSIANPANDA_Whitesnakestealer : FILE date = "2023-07-04" modified = "2023-12-11" reference = "https://russianpanda.com/2023/07/04/WhiteSnake-Stealer-Malware-Analysis/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/WhiteSnake-Stealer/WhiteSnake_rc4.yar#L1-L17" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/WhiteSnake-Stealer/WhiteSnake_rc4.yar#L1-L17" license_url = "N/A" logic_hash = "24985a2c3b0d72858decd17cb2b8e485caa94c01ad72a014edc68ed4facfd71e" score = 75 @@ -162473,7 +162599,7 @@ rule RUSSIANPANDA_Whitesnakestealer_1 : FILE date = "2023-07-04" modified = "2023-12-11" reference = "https://russianpanda.com/2023/07/04/WhiteSnake-Stealer-Malware-Analysis/" - source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/1ce9c0dec191b43d51ceb34234a12e63970b252c/WhiteSnake-Stealer/WhiteSnake_xor.yar#L1-L15" + source_url = "https://github.com/RussianPanda95/Yara-Rules/blob/51411489a2f384df8a4983387b83c78bcca9afc6/WhiteSnake-Stealer/WhiteSnake_xor.yar#L1-L15" license_url = "N/A" logic_hash = "0bd0e250b8598be297296ecf6644d3bf649e3dc4598438325a0913afed04c819" score = 75 @@ -162491,7 +162617,7 @@ rule RUSSIANPANDA_Whitesnakestealer_1 : FILE * YARA Rule Set * Repository Name: Check Point * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 4 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -162705,7 +162831,7 @@ rule CHECK_POINT_Injector_ZZ_Dotrunpex_Oldnew : FILE * YARA Rule Set * Repository Name: Dragon Threat Labs * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 7 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -162896,7 +163022,7 @@ rule DRAGON_THREAT_LABS_Apt_C16_Win64_Dropper : DROPPER FILE * YARA Rule Set * Repository Name: Microsoft * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 21 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -163449,7 +163575,7 @@ rule MICROSOFT_Trojan_Win32_Plakpeer : PLATINUM hash = "2155c20483528377b5e3fde004bb604198463d29" logic_hash = "cc34ce9f12c95133872783090efd5813d3e2f44a1c726d29b2ba834509c9a1d5" score = 75 - quality = 55 + quality = 80 tags = "PLATINUM" unpacked_sample_sha1 = "dc991ef598825daabd9e70bac92c79154363bab2" activity_group = "Platinum" @@ -163499,7 +163625,7 @@ rule MICROSOFT_Devilstongue_Hijackdll : FILE * YARA Rule Set * Repository Name: NCSC * Repository: https://github.com/mikesxrs/Open-Source-YARA-rules - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: ec0056f767db98bf6d5fd63877ad51fb54d350e9 * Number of Rules: 17 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -163969,7 +164095,7 @@ rule NCSC_Sparrowdoor_Strings * YARA Rule Set * Repository Name: Dr4k0nia * Repository: https://github.com/dr4k0nia/yara-rules - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 4b10f9b79a4cfb3ec9cb5675f32cc7ee6885fbd8 * Number of Rules: 5 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) 
@@ -164147,7 +164273,7 @@ rule DR4K0NIA_Msil_Suspicious_Use_Of_Strreverse : FILE * YARA Rule Set * Repository Name: EmbeeResearch * Repository: https://github.com/embee-research/Yara-detection-rules/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: ac56d6f6fd2a30c8cb6e5c0455d6519210a8b0f4 * Number of Rules: 39 * Skipped: 0 (age), 8 (quality), 0 (score), 0 (importance) @@ -165228,7 +165354,7 @@ rule EMBEERESEARCH_Win_Emotet_String_Patterns_Oct_2022 : FILE * YARA Rule Set * Repository Name: AvastTI * Repository: https://github.com/avast/ioc - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 5659f4f0f4e09970c5de29c536ceb500d5634951 * Number of Rules: 33 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -166091,7 +166217,7 @@ rule AVASTTI_Cobaltstrike_Beacon_Xored_X64 * YARA Rule Set * Repository Name: SBousseaden * Repository: https://github.com/sbousseaden/YaraHunts/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 71b27a2a7c57c2aa1877a11d8933167794e2b4fb * Number of Rules: 37 * Skipped: 0 (age), 4 (quality), 0 (score), 0 (importance) @@ -167197,7 +167323,7 @@ rule SBOUSSEADEN_Hunt_Common_Credit_Card_Memscrapper : FILE * YARA Rule Set * Repository Name: Elceef * Repository: https://github.com/elceef/yara-rulz - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 791721372091836f5bf477d7f21114f45a310052 * Number of Rules: 19 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -167241,7 +167367,7 @@ rule ELCEEF_Obfuscated_IP_Address_In_URL license_url = "https://github.com/elceef/yara-rulz/blob/791721372091836f5bf477d7f21114f45a310052/LICENSE" logic_hash = "ab2a2a3a56e6eed9f4a3a8f994c89a167f00b86ce442820c81d8ee673b0ab85c" score = 75 - quality = 40 + quality = 65 tags = "" strings: 
@@ -167396,7 +167522,7 @@ rule ELCEEF_Outlook_CVE_2023_23397_Exploit : FILE license_url = "https://github.com/elceef/yara-rulz/blob/791721372091836f5bf477d7f21114f45a310052/LICENSE" logic_hash = "695721ec276415c6a6a0f4ce6378ff2d11c15d28271f587966bc3d9d8c06f63a" score = 75 - quality = 25 + quality = 50 tags = "FILE" hash1 = "52dbaf64ce1a5cd1db9a9d385f8204e5f665ca53a3d904033bf1a10369490646" hash2 = "582442ee950d546744f2fa078adb005853a453e9c7f48c6c770e6322a888c2cf" @@ -167562,7 +167688,7 @@ rule ELCEEF_OLE2_Autoopen_Reversed_Payload : FILE license_url = "https://github.com/elceef/yara-rulz/blob/791721372091836f5bf477d7f21114f45a310052/LICENSE" logic_hash = "425750e77d31ddc356f803ee6e2f192f93f64534a9633fef02da5caaa60dbcaf" score = 65 - quality = 42 + quality = 67 tags = "FILE" strings: @@ -167751,7 +167877,7 @@ rule ELCEEF_Base64_SVG_Javascript * YARA Rule Set * Repository Name: GodModeRules * Repository: https://github.com/Neo23x0/god-mode-rules/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 436dc682164cf17a123d6b09d1424e7e2acf0c25 * Number of Rules: 1 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -167975,7 +168101,7 @@ rule GODMODERULES_IDDQD_God_Mode_Rule license_url = "https://github.com/Neo23x0/god-mode-rules//blob/436dc682164cf17a123d6b09d1424e7e2acf0c25/LICENSE" logic_hash = "f2996ad7090a79c470e64c9e0ac43c2ba3fc1bf18e39686ecda9dc5b89744d7e" score = 60 - quality = 21 + quality = 46 tags = "" importance = 60 @@ -168022,7 +168148,7 @@ rule GODMODERULES_IDDQD_God_Mode_Rule * YARA Rule Set * Repository Name: Cod3nym * Repository: https://github.com/cod3nym/detection-rules/ - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 5939dadd34ebd3c111f97ba0bc0085b639e142a5 * Number of Rules: 13 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) 
@@ -168462,7 +168588,7 @@ rule COD3NYM_MAL_NET_Limecrypter_Runpe_Jan24 : FILE * YARA Rule Set * Repository Name: craiu * Repository: https://github.com/craiu/yararules - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 23cf0ca22021fa3684e180a18416b9ae1b695243 * Number of Rules: 13 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -169627,10 +169753,10 @@ rule CRAIU_Crime_Chaos_Ransomware_Gen : FILE * YARA Rule Set * Repository Name: DitekSHen * Repository: https://github.com/ditekshen/detection - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: e76c93dcdedff04076380ffc60ea54e45b313635 - * Number of Rules: 1436 - * Skipped: 0 (age), 117 (quality), 0 (score), 0 (importance) + * Number of Rules: 1442 + * Skipped: 0 (age), 111 (quality), 0 (score), 0 (importance) * * * LICENSE @@ -170078,7 +170204,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Avbypass_Aviator : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "1fb497eec2b0cd4051b5ddd53463f1da511c0a7b72d54a0bc68736a99fdc6143" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -170143,7 +170269,7 @@ rule DITEKSHEN_INDICATOR_TOOL_LTM_Sharpexec : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "17ae5c9f0b22e8ecbbbcbe052e466d00cb7b62cff423688b5138209c52f0698d" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -170257,7 +170383,7 @@ rule DITEKSHEN_INDICATOR_TOOL_EXP_Eternalblue : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "63e56637118accb8c32c20e52465c027df2dbf83b3b663d316b453ce879572c8" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -171298,7 +171424,7 @@ rule DITEKSHEN_INDICATOR_TOOL_ANT_Sharpedrchecker : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "77a26ff5298dddebc669d9b6c39905a48a86884cf98adebdf935b94c62d36ddc" score = 75 - quality = 23 + quality = 48 tags = "FILE" strings: @@ -171343,7 +171469,7 @@ rule DITEKSHEN_INDICATOR_TOOL_ANT_Invizzzible : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "bd84015f9fdc160a6ed9010c5a5905fcf13987b1fdec6fdd9535e315dc3617e8" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -171460,7 +171586,7 @@ rule DITEKSHEN_INDICATOR_TOOL_EXP_Petitpotam01 : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "37a9477b41560904e8874ecaf93eb2667b9450b5d42665677abc1442538f9000" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -171699,7 +171825,7 @@ rule DITEKSHEN_INDICATOR_TOOL_ENUM_Sharpshares : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "8b35d6a692814e1b27ffc1db4ab124bf621c156aaf57f24796c422ec95a85715" score = 75 - quality = 25 + quality = 75 tags = "FILE" strings: @@ -171868,7 +171994,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Extpassword : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "525530cb7e9f44be0408fd710306f90056b1b6b9a9e4779d8c1eb1ddef443fb0" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: 
@@ -172530,7 +172656,7 @@ rule DITEKSHEN_INDICATOR_TOOL_Sharpghosttask : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "3de8d9fe7804e208ff556b6bedbd80eebfda1a730626403418a555ad9fbbb820" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -172873,7 +172999,7 @@ rule DITEKSHEN_MALWARE_Win_Obliquerat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "0b8bbf031364b828a972c52e1a8985ff65601ca7413e6e7ae3a5be981f086b9e" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -173121,7 +173247,7 @@ rule DITEKSHEN_MALWARE_Linux_Hiddenwasp : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "a2aad022de41ba2633fc92a7dc5a5fa2efde9da2211cfc01fb2999e33365d6c9" score = 75 - quality = 46 + quality = 71 tags = "FILE" clamav_sig1 = "MALWARE_Linux.Trojan.HiddenWasp-ELF" clamav_sig2 = "MALWARE_Linux.Trojan.HiddenWasp-Script" @@ -173521,7 +173647,7 @@ rule DITEKSHEN_MALWARE_Win_Robbinhood : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "f1c4226ed5cb1583418d5ef0efc2c2b5bc3cfe7f148f359c5d432fd660331a46" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav_sig = "MALWARE.Win.Ransomware.Robbinhood" @@ -174099,7 +174225,7 @@ rule DITEKSHEN_MALWARE_DOC_Koadicdoc : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "9f0538e1faee737a08d403a7f321ce45bdc70b390accfe378ba0d26292509fd7" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: 
@@ -174127,7 +174253,7 @@ rule DITEKSHEN_MALWARE_BAT_Koadicbat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "1ee6c0189a5111c61af1dbe571524427bff95a7e3907f97ce51d272a8f701cf5" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -174185,7 +174311,7 @@ rule DITEKSHEN_MALWARE_Win_NETEAGLE : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "148de0ca332d3885d94eae8d15eb4aaa2bc4950c691c0e8817c816b7d4c55510" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -174278,7 +174404,7 @@ rule DITEKSHEN_MALWARE_Win_Pillowmint : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "ed2597fce1c56d2e110790e0eb89834b1bb9f6f52d39105157c9ffe2ede6cc7a" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -174620,7 +174746,7 @@ rule DITEKSHEN_MALWARE_Win_Taurus : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "6039c27e69b47dfcc1327c34306627d2d9bd57f6bd365bb80b47ad21f892ae8a" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -174699,7 +174825,7 @@ rule DITEKSHEN_MALWARE_Win_Slothfulmedia : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "6f742e8d9d555b44daaa09835f599c99e16cd39bb106c8f43fbbca7093de462e" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -174737,7 +174863,7 @@ rule DITEKSHEN_MALWARE_Win_Ircbot : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "1ea640202cfbd0c3425a192c45938f632dc644f41c7974118e7491b026122818" score = 75 - quality = 42 + quality = 67 tags = "FILE" strings: 
@@ -174809,7 +174935,7 @@ rule DITEKSHEN_MALWARE_Win_Osno : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "3df59c306017001467a5f237db2ab37d97c34116558e18420a6a1f01f08f520f" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -174980,7 +175106,7 @@ rule DITEKSHEN_MALWARE_Win_Cryptbot : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "6322b8b1ad210fac4475c194e060046538d4174f69a7c0e3618646d262cd33bd" score = 75 - quality = 44 + quality = 69 tags = "FILE" snort2_sid = "920110" snort3_sid = "920108" @@ -175150,7 +175276,7 @@ rule DITEKSHEN_MALWARE_Win_Cobaltstrike : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "43513aef0ed715f0c214d7a14e465350f9c1bcadf87535e1c12561e976398bb3" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -175309,7 +175435,7 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginkeylogger : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "58ef1f7466fcc871be2e74aa447c76970fd90c9d9d345a896fb8e6335114d189" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav_sig = "MALWARE.Win.Trojan.CRAT" @@ -175339,7 +175465,7 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginclipboardmonitor : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c3e692a06388e143a8e1053e75a6eb6a82da5bdf26d38e3a0e339bc20d8312a1" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -175368,7 +175494,7 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginscreencapture : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "7b4378ae883d01338fabe2eb50a5509b722c661e63afc287afa07b263a0ebc42" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -175401,7 +175527,7 @@ rule DITEKSHEN_MALWARE_Win_Cratpluginransomhansom : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "b22f6d22630f311241634513eb051df2b36af84a938c1ae1f5284e5a5d7d3077" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -175673,7 +175799,7 @@ rule DITEKSHEN_MALWARE_Win_Snakekeylogger : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "7d787026b290c3c6a43c7de83233f22980733e7401260ff2f763e6f1b534ecba" score = 75 - quality = 42 + quality = 67 tags = "FILE" clamav_sig = "MALWARE.Win.Trojan.SnakeKeylogger" @@ -176857,7 +176983,7 @@ rule DITEKSHEN_MALWARE_Osx_Genieo : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "951dc8539435a52d9eea00b3fdaf98cf618c03867066819f2f9244165e57c675" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav_sig = "MALWARE.Osx.Trojan.Genieo" @@ -177120,7 +177246,7 @@ rule DITEKSHEN_MALWARE_Win_STOP : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "61f7e7c1139c56088b2f58b78ae132ffcfef0f931c15b67ea775b0d5e51d189d" score = 75 - quality = 48 + quality = 73 tags = "FILE" snort2_sid = "920113" snort3_sid = "920111" 
@@ -177403,7 +177529,7 @@ rule DITEKSHEN_MALWARE_Win_Bobik : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "735dcb9e04956863305ca89a43686b8e48e3b20784ae9292cfc40d1c2c09d467" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav_sig = "MALWARE.Win.Trojan.Bobik" @@ -177655,7 +177781,7 @@ rule DITEKSHEN_MALWARE_Win_Babuk : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "5ca5c5106747cf8f4ccd5df4ddbc78321fea3c8f533cb807a704d270eb956007" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -177930,7 +178056,7 @@ rule DITEKSHEN_MALWARE_Win_Trickbotmodule : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "4d06653dad5f8a18598855212548364b3c3d2b68b99784846b494fcb1d1c8df9" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -177975,6 +178101,33 @@ rule DITEKSHEN_MALWARE_Win_Gaudox : FILE condition: uint16( 0 ) == 0x5a4d and all of them } +rule DITEKSHEN_MALWARE_Win_Phobos : FILE +{ + meta: + description = "Detects Phobos ransomware" + author = "ditekshen" + id = "7bf659ef-f2a1-5ee2-a334-c233e26a2526" + date = "2024-11-01" + modified = "2024-11-01" + reference = "https://github.com/ditekshen/detection" + source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L3895-L3908" + license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" + logic_hash = "bbf8eef0863e9d6423b3b0f938561b2be486b92b4f59b5d0b67f52dba536a582" + score = 75 + quality = 25 + tags = "FILE" + + strings: + $x1 = "\\\\?\\UNC\\\\\\e-" fullword wide + $x2 = "\\\\?\\ :" fullword wide + $x3 = "POST" fullword wide + $s1 = "ELVL" fullword wide + $s2 = /SUP\d{3}/ fullword wide + $s3 = { 41 31 47 ?? 41 2b } + + condition: + uint16( 0 ) == 0x5a4d and all of ( $x* ) and 1 of ( $s* ) +} rule DITEKSHEN_MALWARE_Win_Ratty : FILE { meta: 
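Review bot: `author = "ditekshen"` in DITEKSHEN_MALWARE_Win_Phobos does not match the `"ditekSHen"` spelling used by the other rules added in this change (Asyncrat, Chaos, Koxic); settle on one form so the metadata stays greppable. In the same hunk, `$x3 = "POST" fullword wide` is a four-character generic atom that `all of ( $x* )` makes mandatory, so it adds scan cost without adding selectivity (the rule's precision rests on `$x1` and `$x2`), and it is the kind of string that drags a rule toward the `quality = 25` shown here; consider dropping it or replacing it with a longer, sample-specific string before merging.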
@@ -178189,6 +178342,45 @@ rule DITEKSHEN_MALWARE_Win_WSHRATJS : FILE condition: filesize < 400KB and ( $charset_full or ( $charset_begin and $charset_end ) ) and 2 of ( $wsc_object* ) and 3 of ( $s* ) } +rule DITEKSHEN_MALWARE_Win_Asyncrat : FILE +{ + meta: + description = "Detects AsyncRAT" + author = "ditekSHen" + id = "6465b50d-8f1a-5c09-84fd-cd1e5994e68f" + date = "2024-11-01" + modified = "2024-11-01" + reference = "https://github.com/ditekshen/detection" + source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L4047-L4074" + license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" + logic_hash = "073d4a8667fb1a48bf2bd503a551d7f78e38a6066feedc646d92c27fb7201fca" + score = 60 + quality = 35 + tags = "FILE" + + strings: + $x1 = "AsyncRAT" fullword ascii + $x2 = "AsyncRAT 0." wide + $x3 = /AsyncRAT\s[0-9]\.[0-9]\.[0-9][A-Z]/ fullword wide + $s1 = "/create /sc onlogon /rl highest /tn" fullword wide + $s2 = "/C choice /C Y /N /D Y /T 1 & Del \"" fullword wide + $s3 = "{{ ProcessId = {0}, Name = {1}, ExecutablePath = {2} }}" fullword wide + $s4 = "Stub.exe" fullword ascii wide + $s5 = "\\nuR\\noisreVtnerruC\\swodniW\\tfosorciM\\erawtfoS\\UCKH" ascii wide + $s6 = "VirtualBox" fullword ascii wide + $s7 = "/target:winexe /platform:x86 /optimize+" fullword ascii wide + $s8 = "Win32_ComputerSystem" ascii wide + $s9 = "Win32_Process Where ParentProcessID=" ascii wide + $s10 = "etirWgeR.llehShsW" ascii wide + $s11 = "usbSpread" fullword ascii wide + $cnc1 = "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0" fullword ascii wide + $cnc2 = "Mozilla/5.0 (iPhone; CPU iPhone OS 11_4_1 like Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/11.0 Mobile/15E148 Safari/604.1" fullword ascii wide + $cnc3 = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" fullword 
ascii wide + $cnc4 = "POST / HTTP/1.1" fullword ascii wide + + condition: + (( uint16( 0 ) == 0x5a4d and filesize < 4000KB ) and ( 1 of ( $x* ) or 6 of ( $s* ) or all of ( $cnc* ) or ( 4 of ( $s* ) and 2 of ( $cnc* ) ) ) ) or ( 1 of ( $x* ) or 6 of ( $s* ) or all of ( $cnc* ) or ( 4 of ( $s* ) and 2 of ( $cnc* ) ) ) +} rule DITEKSHEN_MALWARE_Win_Quilclipper { meta: @@ -178337,7 +178529,7 @@ rule DITEKSHEN_MALWARE_Win_Corebot : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "518209458fc8912d47b0b99896178fda823c3174c37f21d5e9331349a69322d7" score = 75 - quality = 25 + quality = 50 tags = "FILE" snort_sid = "920211-920212" @@ -178484,7 +178676,7 @@ rule DITEKSHEN_MALWARE_Win_Arechclient2 : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "0d841f4d4664fb09801c51f7b65e897e4e698753ad67fc20e2b81d98c0b3d07d" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -179091,7 +179283,7 @@ rule DITEKSHEN_MALWARE_Win_EXEPWSH_Dlagent : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "6380359db1ac775cea3ebb93f7cf22a92d2f2e634c6aa724e2814c10d4ed42f5" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -179458,7 +179650,7 @@ rule DITEKSHEN_MALWARE_Win_Maktub : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "5c11d04fc3088eb8a0132b9ed83748ddb7e1bbe9d03b9e884d4003181cbb6d69" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -179592,7 +179784,7 @@ rule DITEKSHEN_MALWARE_Win_Dlagent08 : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "0238c13b00e5778ef216b4e8576c321803da6e269c96c3051b9cc45a3ac6e567" score = 75 - quality = 50 + quality = 75 tags = "FILE" snort2_sid = "920122" snort3_sid = "920119" @@ -179974,7 +180166,7 @@ rule DITEKSHEN_MALWARE_Win_Njrat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "92d535a7c7f361b7a0901d0b99427ebc82a69577bfea73c04a7f9d51d2054b36" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -180129,7 +180321,7 @@ rule DITEKSHEN_MALWARE_Win_Karkoff : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "e9b6ba5be2b3cd0faa898347e57cee5a57b80b19842c3a1ddb42d620307c8b39" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -180312,7 +180504,7 @@ rule DITEKSHEN_MALWARE_Win_Ranumbot : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "a9c32445e62d072e4184d25497696ef6225edb176dc7a9743a54194d4ddb4b0c" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -180921,7 +181113,7 @@ rule DITEKSHEN_MALWARE_Win_Buterat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c3d93e8dc1bde8e77c11586c8d8b67d137ef2c4791e12269f1af310fbe14832b" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -181039,7 +181231,7 @@ rule DITEKSHEN_MALWARE_Win_Browsergrabber : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c96a63566280758d8c32542bfab3c6faa7d21329430345f51ea4c2f0a6809dc2" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -181421,7 +181613,7 @@ rule DITEKSHEN_MALWARE_Win_Wingo : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "423b1631ad625fd46a9d10f0ecdf24931cf62a2c1694da3ebdd38daad0a4f724" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -181535,7 +181727,7 @@ rule DITEKSHEN_MALWARE_Win_Gelsevirine : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "60d41d6d789f1cd2a7040d6535f13c69ea58a489035838f047b886e8f1f37f63" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -181743,7 +181935,7 @@ rule DITEKSHEN_MALWARE_Win_Markirat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "17b8bcfe8d2b4c87ff8e0bddb436e18029a3b28a5ad3994fe9bef359588d9cad" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -181816,7 +182008,7 @@ rule DITEKSHEN_MALWARE_Win_Xfiles : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "0c04a8f019aea36f4bba3ce8289c2d608c69d76bbf321052560b4ca2214be057" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -182028,7 +182220,7 @@ rule DITEKSHEN_MALWARE_Win_Mercurial : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "400f8f717a4e07bf4de508c02bbcd9e82bf21f3df84c989fc622378f33e192f0" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -182213,7 +182405,7 @@ rule DITEKSHEN_MALWARE_Win_RSJON : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "abfea2955bf0d0b0511ea820582cc15fbcfc38dbed71fb2a0050cd98a9311cda" score = 75 - quality = 23 + quality = 48 tags = "FILE" strings: 
@@ -182545,7 +182737,7 @@ rule DITEKSHEN_MALWARE_Win_Actionrat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "1552cda3f02c08582e3dd97df98416635a25005081627097df181bfc6aac4665" score = 75 - quality = 46 + quality = 71 tags = "FILE" strings: @@ -183096,7 +183288,7 @@ rule DITEKSHEN_MALWARE_Win_Bluebot : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "04a19f649eb2fff7a5bc59ccead80cd0a04c4e5418cbc83e850045dba75b03e0" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -183202,7 +183394,7 @@ rule DITEKSHEN_MALWARE_Win_MB150 : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "a07535fc53912ddde6a0bed187c21ecdb2701d317d7de0cbdd2db37071bc9a21" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -183229,6 +183421,49 @@ rule DITEKSHEN_MALWARE_Win_MB150 : FILE condition: uint16( 0 ) == 0x5a4d and ( 4 of ( $x* ) or ( $go and 4 of ( $s* ) ) or ( 1 of ( $mac* ) and ( 2 of ( $x* ) or 3 of ( $s* ) ) ) ) } +rule DITEKSHEN_MALWARE_Win_Chaos : FILE +{ + meta: + description = "Detects Chaos ransomware" + author = "ditekSHen" + id = "59d43cfb-72d8-5c17-87bf-f1f364d23bed" + date = "2024-11-01" + modified = "2024-11-01" + reference = "https://github.com/ditekshen/detection" + source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L7404-L7433" + license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" + logic_hash = "6203ab09745db817b9e909d70cf1d5be9769c414461ee5f7bb344b6959986537" + score = 75 + quality = 44 + tags = "FILE" + + strings: + $s1 = "" fullword wide + $s2 = "" fullword wide + $s3 = "C:\\Users\\" fullword wide + $s4 = "read_it.txt" fullword wide + $s5 = "#base64Image" fullword wide + $s6 = "(?:[13]{1}[a-km-zA-HJ-NP-Z1-9]{26,33}|bc1[a-z0-9]{39,59})" fullword wide + $s7 = /check(Spread|Sleep|AdminPrivilage|deleteShadowCopies|disableRecoveryMode|deleteBackupCatalog)/ fullword ascii nocase + $s8 = /(delete|disable)(ShadowCopies|RecoveryMode|BackupCatalog)/ fullword ascii nocase + $s9 = "spreadName" fullword ascii + $s10 = "processName" fullword ascii + $s11 = "sleepOutOfTempFolder" fullword ascii + $s12 = "AlreadyRunning" fullword ascii + $s13 = "random_bytes" fullword ascii + $s14 = "encryptDirectory" fullword ascii nocase + $s15 = "EncryptFile" fullword ascii nocase + $s16 = "intpreclp" fullword ascii + $s17 = "bytesToBeEncrypted" fullword ascii + $s18 = "textToEncrypt" fullword ascii + $m1 = "Chaos is" wide + $m2 = "Payment informationAmount:" wide + $m3 = "Coinmama - hxxps://www.coinmama.com Bitpanda - hxxps://www.bitpanda.com" wide + $m4 = "where do I get Bitcoin" wide + + condition: + uint16( 0 ) == 0x5a4d and 6 of ( $s* ) or all of ( $m* 
) or ( 2 of ( $m* ) and 4 of ( $s* ) ) +} rule DITEKSHEN_MALWARE_Win_Horuseyesrat : FILE { meta: @@ -183242,7 +183477,7 @@ rule DITEKSHEN_MALWARE_Win_Horuseyesrat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c0f499e3a17923b391ed6b7fa723525a9d4aef0ce04a2c7abec60d5eda15888f" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -183731,7 +183966,7 @@ rule DITEKSHEN_MALWARE_Win_Darkcomet : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "444df3c914c47500018614af10036864b459e7873daf079b684352dbe52f0486" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -184887,7 +185122,7 @@ rule DITEKSHEN_MALWARE_Win_Rapid : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c3f1bffeb402951da8bcccc899b2cdeb3c218b342d8338c750b9ff275537b4b5" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -184954,7 +185189,7 @@ rule DITEKSHEN_MALWARE_Win_Virlock : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "8d516a0d771d7134c0f917f010b3973ed53b4ee7e4a2cf0bb5daecf9867b0081" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -185055,7 +185290,7 @@ rule DITEKSHEN_MALWARE_Win_Kdcsponge : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c891db94df9cde9eaa6096ad68d96c7b85a9c03e255ce43ccb8543a016bd3853" score = 75 - quality = 40 + quality = 65 tags = "FILE" hash1 = "e391c2d3e8e4860e061f69b894cf2b1ba578a3e91de610410e7e9fa87c07304c" 
@@ -185154,7 +185389,7 @@ rule DITEKSHEN_MALWARE_Win_Tardigrade : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "2bd4f23f66844a320b6bed6242ba39096f66a08affb84abd78c342d433ed9fe6" score = 75 - quality = 50 + quality = 75 tags = "FILE" hash1 = "c0976a1fbc3dd938f1d2996a888d0b3a516b432a2c38d788831553d81e2f5858" hash2 = "966b2c7c72a28310acd58bb23af4d3c893b2afca264b2d9c0ec42db815c77487" @@ -185300,7 +185535,7 @@ rule DITEKSHEN_MALWARE_Win_Onlylogger : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "1b39a4d2a6d3a2633cfa98adc1dfe99d10d2493fd06c9f875c56ec7689b7a561" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -185529,7 +185764,7 @@ rule DITEKSHEN_MALWARE_Win_Chebka : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "cc8123a5d20fac51d4dfc225e743539456efb4d649060d078c3ed93e7724da01" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -185564,7 +185799,7 @@ rule DITEKSHEN_MALWARE_Win_Flagpro : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c5e5944426b7be690ad62dd0d98a8fc6f8135cab0dbdd8a5aaf1670491eda59d" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -185650,7 +185885,7 @@ rule DITEKSHEN_MALWARE_Win_Garrantdecrypt : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "84b139e51f0ef0389c641d62409d702b0ae7ec6ecd2fa54baf2cf0c0078a8f5a" score = 75 - quality = 25 + quality = 75 tags = "FILE" strings: 
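Review bot: DITEKSHEN_MALWARE_Win_Garrantdecrypt jumps from `quality = 25` to `quality = 75`, a +50 step, while every neighbouring hunk in this change moves by exactly +25 (25 to 50, 48 to 73, 50 to 75). If the quality value is tool-derived, a lone +50 looks like either a double application or a rule-body change that is not part of this diff; the Sharpshares hunk earlier in the patch shows the same jump, so both are worth confirming before merge.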
@@ -185678,7 +185913,7 @@ rule DITEKSHEN_MALWARE_Win_Locked : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "b838b996946fb268c66bac68d5e326ff3049340dfb08f2e0a77492df49915d5a" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -185785,7 +186020,7 @@ rule DITEKSHEN_MALWARE_Win_Lokilocker : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "bf78f5e8f40c1a19f6b078a85854e95d5ef1f321393a831edda17b0d65515da7" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -185887,7 +186122,7 @@ rule DITEKSHEN_MALWARE_Win_Lorenz : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "e9fc9d405b955c379ae40b1804d43b19999f6ea264fc645c897080fb020e8ae8" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -185931,7 +186166,7 @@ rule DITEKSHEN_MALWARE_Win_Blackcat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "cd76e5b87f33d91c17fd032417583c3f68d0e310aaf6f08e26ec5d53844ed9d2" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -185952,6 +186187,38 @@ rule DITEKSHEN_MALWARE_Win_Blackcat : FILE condition: ( uint16( 0 ) == 0x5a4d or uint16( 0 ) == 0x457f ) and ( all of ( $x* ) or 5 of ( $s* ) or ( 1 of ( $x* ) and 3 of ( $s* ) ) ) } +rule DITEKSHEN_MALWARE_Win_Koxic : FILE +{ + meta: + description = "Detects Koxic ransomware" + author = "ditekSHen" + id = "6a82bf44-b155-5746-b798-20a13623a14a" + date = "2024-11-01" + modified = "2024-11-01" + reference = "https://github.com/ditekshen/detection" + source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/malware.yar#L9291-L9309" + license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" + logic_hash = "d874c8ebf330814e52d159cbf71f8bc05ebeb4a9fb93d96c3f861b51e57925a3" + score = 75 + quality = 25 + tags = "FILE" + + strings: + $c1 = " INFO: >> %TEMP%\\" ascii wide + $c2 = "cmd /c \"wmic" ascii wide + $c3 = "cmd /c \"echo" ascii wide + $c4 = "cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del /f /q \"%s\"" fullword wide + $c5 = /sc config.{1,30}start=disabled/ fullword ascii wide + $s1 = "Container: %s" fullword wide + $s2 = "Shotcut dir : %s" fullword wide + $s3 = "\\Microsoft\\Windows\\Network Shortcuts\\" fullword wide + $s4 = "Thread %d started." fullword ascii + $s5 = "ADD our TOXID:" wide + $s6 = "[Recommended] Using an email" wide + + condition: + uint16( 0 ) == 0x5a4d and ( ( 4 of ( $s* ) and 1 of ( $c* ) ) or ( 2 of ( $s* ) and ( #c1 > 5 or #c2 > 5 or #c3 > 5 or #c5 > 5 ) ) ) +} rule DITEKSHEN_MALWARE_Win_Timetime : FILE { meta: @@ -185995,7 +186262,7 @@ rule DITEKSHEN_MALWARE_Win_Strifewater : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "ddb189dfe58af08d2c0682239551a5b9d82db94eedcefc02895316bcbbaca3f2" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -186034,7 +186301,7 @@ rule DITEKSHEN_MALWARE_Win_Surtr : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "a8db5588079d471d8904f0444973973a0c01dbec1ccbe3d43a34d41a0dde495d" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -186095,7 +186362,7 @@ rule DITEKSHEN_MALWARE_Win_Jesterstealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c84df5d3ad2bc7a75a11c07995cc034c2a92b2f6f6f6943288add9c44c57bf6d" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -186302,7 +186569,7 @@ rule DITEKSHEN_MALWARE_Win_Bandit : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "e557f5a928b5da90f3ec878d6d8615a2d8b5f33e97954cd3278044f76b543386" score = 75 - quality = 32 + quality = 57 tags = "FILE" strings: @@ -186352,7 +186619,7 @@ rule DITEKSHEN_MALWARE_Win_Laplas : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "e4a1f39a539782118db9c4ab89d03e359420397ef970165389cc79e7ea0952b3" score = 75 - quality = 25 + quality = 50 tags = "FILE" clamav_sig1 = "MALWARE.Win.LapLas-DotNET" clamav_sig2 = "MALWARE.Win.LapLas-GoLang" @@ -186507,7 +186774,7 @@ rule DITEKSHEN_MALWARE_Win_Multi_Family_Infostealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "0fdd1cdc4f2e5bee6c763e6e6b2e79d85285e44e2b5e3168a56d7d360252ee99" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: 
@@ -186543,7 +186810,7 @@ rule DITEKSHEN_MALWARE_Win_Darkeye : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "5496dcbfe075a4030a446027765186e9dd1931561a29a481139281e1708ce87d" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -186670,7 +186937,7 @@ rule DITEKSHEN_MALWARE_Win_Lummastealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "74014c5bcc85977b90faed93b348c34e47ee033b06c2f145348ca9c54c27bda5" score = 75 - quality = 48 + quality = 73 tags = "FILE" clamav1 = "MALWARE.Win.Trojan.LummaStealer" @@ -186802,7 +187069,7 @@ rule DITEKSHEN_MALWARE_Win_Arrowrat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "13e6d4fd274f75c50aa4110276812d02885c03cfc269dde480db66955e5f703a" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -186934,7 +187201,7 @@ rule DITEKSHEN_MALWARE_Win_Stealerium : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "a2834e7fe26ad0197a9e490ab517029ceed2e09506fcc37e6ddf0c1804fa6cb9" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -187029,7 +187296,7 @@ rule DITEKSHEN_MALWARE_Win_Hakunamatata_Builder : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "ac258851de38504cf63ba51fd06f8a9a3dfbe0096d199ba702e9763b5ecc43e4" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: 
@@ -187137,7 +187404,7 @@ rule DITEKSHEN_MALWARE_Win_Akira : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "73dd0a1b21be8ff7362536f6b6255cd19510632782effd67a56d7656bebf04ff" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -187342,7 +187609,7 @@ rule DITEKSHEN_MALWARE_Win_Arcrypt : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "cc9fa68d093fdf9745a06beb28e29108cb2ba846122ce097ad892213b1edba25" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -187382,7 +187649,7 @@ rule DITEKSHEN_MALWARE_Win_Rootteamstealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "d1693865253067527d58c980653d550b55d022d5a394b88090a958e5d5818143" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -187412,7 +187679,7 @@ rule DITEKSHEN_MALWARE_Win_Espioloader : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "8ad77a50db48f12e6f6465652b24fc1daa56375bb27e37e0eead1bea55b89e0c" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav_sig = "MALWARE.Win.EspioLoader" @@ -187466,7 +187733,7 @@ rule DITEKSHEN_MALWARE_Win_Blitzgrabber : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "8baceacf3c2af61e00b31e8106820b6f1ce2e7a9d98eaed965e698109ae08314" score = 75 - quality = 46 + quality = 71 tags = "FILE" strings: 
@@ -187617,7 +187884,7 @@ rule DITEKSHEN_MALWARE_Win_Phemedronestealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "74e150cc971f5648f9e3f6146afba162b1a29cf2744c862b2320db52c2efa930" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -187652,7 +187919,7 @@ rule DITEKSHEN_MALWARE_Win_WSHRAT : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "297bfe65815637a464e2a8fc23570c6e79694ffe0467d5898b7c845f1450de95" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: @@ -187684,7 +187951,7 @@ rule DITEKSHEN_MALWARE_Win_Rustystealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "e60e66360c8f97a31e75cd90a12519f75f3a672874fc985a8da1d4d02e185b4d" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -187862,7 +188129,7 @@ rule DITEKSHEN_MALWRE_Win_Darkgate : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "805a04bbb3915d539e76927393384a2786c25490e8b9fc151d5b12415247578b" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -188164,7 +188431,7 @@ rule DITEKSHEN_MALWARE_Win_Qwixxrat : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "e6e44697e393da35215f7835f122cb74b05dbeebb558345d5110d6fbc809f4dd" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -188190,7 +188457,7 @@ rule DITEKSHEN_MALWARE_Win_Toxiceye : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "ee01c107dd295b923801c0d1a77b1534d3a5f2abf8d2cfa93c6786a1b0553504" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -188222,7 +188489,7 @@ rule DITEKSHEN_MALWARE_Win_Rdpcredsstealerinjector : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "0dfade8dde987f5134158b7c4abc3eaf8dcece86e1ff2ab1da4466da316939a2" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav1 = "MALWARE.Win.Trojan.RDPCredsStealer-Injector" @@ -188249,7 +188516,7 @@ rule DITEKSHEN_MALWARE_Win_Krakenstealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "7f15823db706e6e51d8ea58fb026efb49f42234255d2f448614dc645d12648bb" score = 75 - quality = 48 + quality = 73 tags = "FILE" snort = "923828002" @@ -188376,7 +188643,7 @@ rule DITEKSHEN_MALWARE_Win_Agnianestealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "0031fbe6d76868819cbcfc638433d60a50e8f5cfd14ff25af88ed3dffefd7d62" score = 75 - quality = 50 + quality = 75 tags = "FILE" snort = "923828001" clamav = "ditekSHen.MALWARE.Win.AgnianeStealer" @@ -188614,7 +188881,7 @@ rule DITEKSHEN_MALWARE_Win_Risepro : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "f6f1832f316df51ca108a3c75034bd53c3823cd3d9b16da120e12e252dbf90ff" score = 75 - quality = 46 + quality = 71 tags = "FILE" strings: @@ -188780,7 +189047,7 @@ rule DITEKSHEN_MALWARE_Win_Simda : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "3f06e86033e8f9534f9904a2a63c4717a9532eb235f6f4405ef1db7d9b93f036" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: 
@@ -188836,7 +189103,7 @@ rule DITEKSHEN_MALWARE_Win_Umbralstealer : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "1686e4626e4d6335f028d6cb6471c32dac747a77fc95d97b4c9dfd043ba975e9" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -188937,7 +189204,7 @@ rule DITEKSHEN_MALWARE_Win_Blackhunt : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "62e9bc505eff3e19ff0cdaf180e45e6d7917f0bec7cd9b007bee9fe1d9d09b66" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -188967,7 +189234,7 @@ rule DITEKSHEN_MALWARE_Win_Scoutelite : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "935bd891a9b68cb6ddad86db843de624f3a7ec0824f2b4c6ff0da56422b79668" score = 75 - quality = 25 + quality = 50 tags = "FILE" strings: @@ -189206,7 +189473,7 @@ rule DITEKSHEN_MALWARE_Win_Lighthand : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "4f06467a522b786045839e6b22b888cecc554b0f63cc20dc43dc0f8ec80f5654" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -189309,7 +189576,7 @@ rule DITEKSHEN_MALWARE_Win_Ktlvdoor : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "3ced9b558c7e17acd015cd2c9dd0c5d024bf9c31c7f2e7c9b7b937124109cf8b" score = 75 - quality = 48 + quality = 73 tags = "FILE" strings: 
@@ -189471,7 +189738,7 @@ rule DITEKSHEN_MALWARE_Win_Cicada3301 : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "b8b7596bc8ae01b89742e17bd3dbfcc1e2fad486cc6ea19c8de813fc677509f4" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav1 = "MALWARE.Win.Ransomware.Cicada3301" @@ -189673,7 +189940,7 @@ rule DITEKSHEN_INDICATOR_RMM_Connectwise_Screenconnect : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "43003f97c33c631a2806ce2b82b2367d2452ceb21b0267b5dfe78b350b66924a" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav1 = "INDICATOR.Win.RMM.ConnectWise-ScreenConnect" @@ -190021,7 +190288,7 @@ rule DITEKSHEN_INDICATOR_RMM_Atera : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "dbc37a941b38d36ea9bc31880c3cba6cd2b88b534583e86741f7686fcb410235" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav1 = "INDICATOR.Win.RMM.Atera" @@ -190202,7 +190469,7 @@ rule DITEKSHEN_INDICATOR_RMM_Dwagentsvc : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "590d41d2e433a7a1bb373fbd0b0d47818a9867bee0399101881b05e83b586f6e" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav1 = "INDICATOR.Win.RMM.DWAgent-SVC" @@ -190264,7 +190531,7 @@ rule DITEKSHEN_INDICATOR_RMM_Dwagent_Soundcapture : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "c0efa9f383373dec1c5b9d127c2b4c6f4906718ae8f62eea28d7a369001be5af" score = 75 - quality = 50 + quality = 75 tags = "FILE" clamav1 = "INDICATOR.Win.RMM.DWAgent-SoundCapture" 
@@ -192344,7 +192611,7 @@ rule DITEKSHEN_INDICATOR_RTF_Threadkit_Exploit_Builder_Document : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "f2308ac6ae5345e0c783871dd6b471397ec83ba7194db5cc74c8984d84c2c0c2" score = 75 - quality = 50 + quality = 75 tags = "FILE" strings: @@ -192643,6 +192910,29 @@ rule DITEKSHEN_INDICATOR_XML_Webrelframe_Remotetemplate : FILE condition: uint32( 0 ) == 0x6d783f3c and ( 1 of ( $target* ) and $mode ) } +rule DITEKSHEN_INDICATOR_PDF_Ipdropper : FILE +{ + meta: + description = "Detects PDF documents with Action and URL pointing to direct IP address" + author = "ditekSHen" + id = "83368671-f1ec-5b09-9d55-6e45e576ebdb" + date = "2024-09-06" + modified = "2024-09-06" + reference = "https://github.com/ditekshen/detection" + source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/indicator_office.yar#L754-L763" + license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" + logic_hash = "be37ee7ef5d8c980483f31bf5667c2dad4321d662be05c495ec6755362d33fd6" + score = 60 + quality = 35 + tags = "FILE" + + strings: + $s1 = { 54 79 70 65 20 2f 41 63 74 69 6f 6e 0d 0a 2f 53 20 2f 55 52 49 0d 0a } + $s2 = /\/URI \(http(s)?:\/\/([0-9]{1,3}\.){3}[0-9]{1,3}\// ascii + + condition: + uint32( 0 ) == 0x46445025 and all of them +} rule DITEKSHEN_INDICATOR_OLE_Excel4Macros_DL1 : FILE { meta: @@ -207250,7 +207540,7 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_AHK_Downloader : FILE license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "8806d8c03adb4ea4cd9b806f8f8c21e561b39b5602c70d09ed193e35e1502d35" score = 40 - quality = 20 + quality = 45 tags = "FILE" importance = 20 
@@ -207491,6 +207781,35 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_PWSH_Asciiencoding_Pattern : FILE condition: 1 of ( $enc* ) and 4 of ( $s* ) and filesize < 2500KB } +rule DITEKSHEN_INDICATOR_SUSPICIOUS_JS_Hex_B64Encoded_EXE : FILE +{ + meta: + description = "Detects JavaScript files hex and base64 encoded executables" + author = "ditekSHen" + id = "37516c6b-0a77-5a20-a36f-5f8309b37362" + date = "2024-06-08" + modified = "2024-06-08" + reference = "https://github.com/ditekshen/detection" + source_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/yara/indicator_suspicious.yar#L726-L740" + license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" + logic_hash = "60185e6ec96875085ffb7a6bf6eb8643368bbce42b89290ab987eb32c1e153bd" + score = 40 + quality = 20 + tags = "FILE" + importance = 20 + + strings: + $s1 = ".SaveToFile" ascii + $s2 = ".Run" ascii + $s3 = "ActiveXObject" ascii + $s4 = "fromCharCode" ascii + $s5 = "\\x66\\x72\\x6F\\x6D\\x43\\x68\\x61\\x72\\x43\\x6F\\x64\\x65" ascii + $binary = "\\x54\\x56\\x71\\x51\\x41\\x41" ascii + $pattern = /[\s\{\(\[=]_0x[0-9a-z]{3,6}/ ascii + + condition: + $binary and $pattern and 2 of ( $s* ) and filesize < 2500KB +} rule DITEKSHEN_INDICATOR_SUSPICIOUS_WMIC_Downloader : FILE { meta: @@ -207789,7 +208108,7 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_Finger_Download_Pattern license_url = "https://github.com/ditekshen/detection/blob/e76c93dcdedff04076380ffc60ea54e45b313635/LICENSE.txt" logic_hash = "04cbb1abc4c3d2990bae798ece052eb8aa1b5104b5712e98aeb80731316b9c57" score = 40 - quality = 20 + quality = 45 tags = "" importance = 20 
@@ -209171,7 +209490,7 @@ rule DITEKSHEN_INDICATOR_SUSPICIOUS_EXE_References_Publicserviceinterface : FILE * YARA Rule Set * Repository Name: WithSecureLabs * Repository: https://github.com/WithSecureLabs/iocs - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 8165da82a9514abb69b4e2bb03f3983766a05b4a * Number of Rules: 5 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -209276,7 +209595,7 @@ rule WITHSECURELABS_Ducktail_Artifacts : FILE license_url = "https://github.com/WithSecureLabs/iocs/blob/8165da82a9514abb69b4e2bb03f3983766a05b4a/LICENSE" logic_hash = "1daa5e654058c802826b6a306b5bfc9d0c05c4ee54607e94e618a8d409ce74d9" score = 75 - quality = 50 + quality = 75 tags = "FILE" version = "1.0" hash1 = "3dbd9e1c3d0fd6358d4adcba04fdfc0b6e8acc49" @@ -209423,7 +209742,7 @@ rule WITHSECURELABS_Ducktail_Nativeaot : FILE * YARA Rule Set * Repository Name: HarfangLab * Repository: https://github.com/HarfangLab/iocs - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 12a73f4fd3ff91266f0c9c7f2ae681ea2e95fce8 * Number of Rules: 29 * Skipped: 0 (age), 1 (quality), 0 (score), 0 (importance) @@ -209876,7 +210195,7 @@ rule HARFANGLAB_Samecoin_Campaign_Tasksspreader : FILE hash = "b447ba4370d9becef9ad084e7cdf8e1395bafde1d15e82e23ca1b9808fef13a7" logic_hash = "61d602c343365608e5bc587ee9c7898e256f2411d78c7fe74c211e68bf4ab707" score = 75 - quality = 53 + quality = 78 tags = "FILE" context = "file" @@ -210415,7 +210734,7 @@ rule HARFANGLAB_Apt31_Rawdoor_Payload : FILE hash = "fade96ec359474962f2167744ca8c55ab4e6d0700faa142b3d95ec3f4765023b" logic_hash = "51bd04603419d5bc77f12618df986f6b31ea8ddea553c6bc7580698fa236b3ed" score = 75 - quality = 55 + quality = 80 tags = "FILE" context = "file" 
@@ -210466,9 +210785,9 @@ rule HARFANGLAB_Custom_Ateraagent_Operator : FILE * YARA Rule Set * Repository Name: LOLDrivers * Repository: https://github.com/magicsword-io/LOLDrivers/ - * Retrieval Date: 2025-09-07 - * Git Commit: cad627f8aeb44e27f87c4cdc9033f80fcf73fb33 - * Number of Rules: 565 + * Retrieval Date: 2025-09-21 + * Git Commit: cd02284889343e13b85c860dac34c146409219b1 + * Number of Rules: 569 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) * * @@ -210683,14 +211002,15 @@ rule LOLDRIVERS_MAL_Driver_Crowdstrikeinc_Csagentsys_Crowdstrikefalconsensor_94B description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - idmtdi.sys" author = "Florian Roth" id = "b3173c53-ef34-5722-8f49-dd596733c7fe" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L2-L24" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L2-L25" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "94b87b1cdaf1d86c2bc4eacef45608d0f16fdd3b981b88cdddc16b6bc64fe25d" hash = "1e42c8cb410a7ed653cfe62bbd8cf191f31a47337fe1ffcc35232d03f2da05ef" hash = "6a2a0f9c56ee9bf7b62e1d4e1929d13046cd78a93d8c607fe4728cc5b1e8d050" + hash = "efb642ad3fab4a2e6cb4de829b60e04dd0d9ae7c2b4cf544de28c38f978b4136" hash = "b2ff9ef50ae037bb003d7157ea8da008a48f715a78c644b5f027b070bf5eb049" logic_hash = "9376ab5835e07d117ee3d157713339c0ffeda2479cb8183dc82cfffcbb29971d" score = 70 
@@ -210716,11 +211036,11 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Windbgsys_Microsoftwindowsoperat description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - windbg.sys" author = "Florian Roth" id = "05060e37-3c01-5b86-a3ee-6e141399164a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L27-L62" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L28-L63" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6994b32e3f3357f4a1d0abe81e8b62dd54e36b17816f2f1a80018584200a1b77" hash = "5b932eab6c67f62f097a3249477ac46d80ddccdc52654f8674060b4ddf638e5d" hash = "ea50f22daade04d3ca06dedb497b905215cba31aae7b4cab4b533fda0c5be620" 
@@ -210762,11 +211082,11 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_AAF0 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mimidrv.sys" author = "Florian Roth" id = "57e5655e-1313-585f-931c-d892e8952d0e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L65-L123" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L66-L124" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "aaf04d89fd15bc61265e545f8e1da80e20f59f90058ed343c62ee24358e3af9e" hash = "4b97d63ebdeda6941bb8cef5e94741c6cca75237ca830561f2262034805f0919" hash = "c42c1e5c3c04163bf61c3b86b04a5ec7d302af7e254990cef359ac80474299da" 
@@ -210831,11 +211151,11 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_DDF4 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mimidrv.sys" author = "Florian Roth" id = "0b38be06-60df-5b49-a748-eb175e1db33f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L126-L159" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L127-L160" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ddf427ce55b36db522f638ba38e34cd7b96a04cb3c47849b91e7554bfd09a69a" hash = "bcb774b6f6ff504d2db58096601bc5cb419c169bfbeaa3af852417e87d9b2aa0" hash = "af4f42197f5ce2d11993434725c81ecb6f54025110dedf56be8ffc0e775d9895" 
@@ -210875,11 +211195,11 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_0F58 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mimidrv.sys" author = "Florian Roth" id = "0531a88d-cb21-5055-b365-a80b6e99a6e9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L162-L194" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L163-L195" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0f58e09651d48d2b1bcec7b9f7bb85a2d1a7b65f7a51db281fe0c4f058a48597" hash = "087270d57f1626f29ba9c25750ca19838a869b73a1f71af50bdf37d6ff776212" hash = "0d676baac43d9e2d05b577d5e0c516fba250391ab0cb11232a4b17fd97a51e35" 
@@ -210918,11 +211238,11 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_7662 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mimidrv.sys" author = "Florian Roth" id = "2bb58484-03d2-5ccc-b165-cfe405f60f03" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L197-L238" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L198-L239" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7662187c236003308a7951c2f49c0768636c492f8935292d02f69e59b01d236d" hash = "a85d3fd59bb492a290552e5124bfe3f9e26a3086d69d42ccc44737b5a66673ec" hash = "60ee78a2b070c830fabb54c6bde0d095dff8fad7f72aa719758b3c41c72c2aa9" 
@@ -210970,11 +211290,11 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_14B8 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mimidrv.sys" author = "Florian Roth" id = "a9965f8f-4969-52ae-953f-a06d8fabe951" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L241-L290" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L242-L291" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "14b89298134696f2fd1b1df0961d36fa6354721ea92498a349dc421e79447925" hash = "36c65aeb255c06898ffe32e301030e0b74c8bca6fe7be593584b8fdaacd4e475" hash = "673bbc7fa4154f7d99af333014e888599c27ead02710f7bc7199184b30b38653" 
@@ -211030,11 +211350,11 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_41AD description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mimidrv.sys" author = "Florian Roth" id = "8a8887dd-0f3d-5ab4-a945-b47966789b99" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L293-L327" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L294-L328" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "41ad660820c41fc8b1860b13dc1fea8bc8cb2faceb36ed3e29d40d28079d2b1f" hash = "a7a665a695ec3c0f862a0d762ad55aff6ce6014359647e7c7f7e3c4dc3be81b7" hash = "9a42fa1870472c38a56c0a70f62e57a3cdc0f5bc142f3a400d897b85d65800ac" 
@@ -211075,11 +211395,11 @@ rule LOLDRIVERS_MAL_Driver_Sensecorp_42B2 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Sense5Ext.sys" author = "Florian Roth" id = "6b64ff77-866b-5d77-b2cf-5e507acc6cb9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L330-L346" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L331-L347" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "42b22faa489b5de936db33f12184f6233198bdf851a18264d31210207827ba25" logic_hash = "72e213913bf4317fa0751775e6a1a82ba2706e79c52fcd3e2c8ca69050e3a9d7" score = 70 
@@ -211102,11 +211422,11 @@ rule LOLDRIVERS_MAL_Driver_Legalcorp_Pciexpressvideocapture_FD22 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - PcieCubed.sys" author = "Florian Roth" id = "c9b28922-d4c7-5c09-9df8-b7b8d8ffc2e8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L349-L367" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L350-L368" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "fd223833abffa9cd6cc1848d77599673643585925a7ee51259d67c44d361cce8" logic_hash = "4c47a159595f420c520e6924238bd260f49ccf163208713c72c62638b13756d9" score = 70 
@@ -211131,11 +211451,11 @@ rule LOLDRIVERS_MAL_Driver_Windowsrwinddkprovider_Netfiltersys_Windowsrwinddkdri description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - driver_206006a1.sys" author = "Florian Roth" id = "3b3135ae-8e40-5eca-a27e-91c62040b95d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L370-L389" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L371-L390" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "206006a11f233b9ae876952308f6d60d7a75c80b4d530a3e6146a0b4d8cd3e4f" logic_hash = "e08a60ea78951ad56ce06ae3936ac5e1987d066224f79353e812a067265b5a28" score = 70 
@@ -211161,11 +211481,11 @@ rule LOLDRIVERS_MAL_Driver_Pinchinstechnologycoltd_Rwtkrlsys_Ransomwareterminato description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - driver_1a74c2bd.sys" author = "Florian Roth" id = "63f1a594-8549-5b93-97d7-883fdca263f1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L392-L411" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L393-L412" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1a74c2bde0c9a76486657ccb9c79ea87c9891a32cdd4aa15c7542f7c9487a539" logic_hash = "b430f08ecf891aa9f6cfb3bc5278413045f6dddfe70f4ad51ab8ccc218a7a379" score = 70 
@@ -211191,11 +211511,11 @@ rule LOLDRIVERS_MAL_Driver_Gmer_Gmersys_Gmer_0052 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - gmer64.sys, superman.sys" author = "Florian Roth" id = "a2197304-4455-52bb-ac73-9218b310bb99" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L414-L434" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L415-L435" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0052aa88e42055a2eed5ddd17c3499c692360155e5e031a211edfcef577acce3" hash = "18c909a2b8c5e16821d6ef908f56881aa0ecceeaccb5fa1e54995935fcfd12f7" logic_hash = "1644a972cb9bde33e5e8ec078b0ee67b34b6a298504895f364260b96a453a3ba" 
@@ -211222,11 +211542,11 @@ rule LOLDRIVERS_MAL_Driver_Pinchinstechnologycoltd_Rwtkrlsys_Ransomwareterminato description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - driver_930da474.sys" author = "Florian Roth" id = "87bff18c-cbd3-5faa-955f-d215b2f58ea0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L437-L456" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L438-L457" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "930da474a6d1be97b54f2c81e883e14d62897aa58622e5b040e412bd36cee0a7" logic_hash = "b96ea1d9788320b12743f9a50e9afe4fc8accc4e4867e34ec8b7e5134d5842ed" score = 70 
@@ -211252,11 +211572,11 @@ rule LOLDRIVERS_MAL_Driver_Mimidrv_Mimidrvmimikatz_2FAF description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mimidrv.sys" author = "Florian Roth" id = "0160f2aa-f60f-5590-be0a-6751487eab92" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L459-L475" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L460-L476" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2faf95a3405578d0e613c8d88d534aa7233da0a6217ce8475890140ab8fb33c8" logic_hash = "e7b3f0a8f5a91896f7d487a39c622b12fc7488f9f80c80b6b551e7e5f6a67f18" score = 70 
@@ -211279,11 +211599,11 @@ rule LOLDRIVERS_MAL_Driver_Pinchinstechnologycoltd_Rwtkrlsys_Ransomwareterminato description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - driver_146b8f4f.sys" author = "Florian Roth" id = "47f0ff39-4726-5c66-90a8-981cbd53d2d1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L478-L497" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L479-L498" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "146b8f4fc91a4915e8f6aa6e0d871f7161a809c46760ef602bab534836142436" logic_hash = "25a4fec1795204ef5e6dec0f1f7f50f21362fc5105489ae387a7358446d4927c" score = 70 
@@ -211309,11 +211629,11 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_2FD4 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mimidrv.sys" author = "Florian Roth" id = "e77f1fc7-4700-5afe-908f-b0d206757365" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L500-L521" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L501-L522" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2fd43a749b5040ebfafd7cdbd088e27ef44341d121f313515ebde460bf3aaa21" hash = "7824931e55249a501074a258b4f65cd66157ee35672ba17d1c0209f5b0384a28" hash = "28f5aa194a384680a08c0467e94a8fc40f8b0f3f2ac5deb42e0f51a80d27b553" 
@@ -211341,11 +211661,11 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Ntbiosys_Microsoftrwindowsrntope description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ntbios_2.sys" author = "Florian Roth" id = "f16b4b22-985a-5d39-ae51-709aa9a69d8d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L524-L544" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L525-L545" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c0d88db11d0f529754d290ed5f4c34b4dba8c4f2e5c4148866daabeab0d25f9c" hash = "96bf3ee7c6673b69c6aa173bb44e21fa636b1c2c73f4356a7599c121284a51cc" logic_hash = "74ad0b57644d82a77bc902786250156f5e3700671bdf9765055b5908dc345a67" 
@@ -211372,11 +211692,11 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Wintapixsys_Microsoftwindowsoper description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinTapix.sys, SRVNET2.SYS" author = "Florian Roth" id = "0bb182e8-e64b-5b01-9ca5-105212ebeb51" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L547-L567" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L548-L568" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8578bff36e3b02cc71495b647db88c67c3c5ca710b5a2bd539148550595d0330" hash = "1485c0ed3e875cbdfc6786a5bd26d18ea9d31727deb8df290a1c00c780419a4e" logic_hash = "dd85f0dc471425fe692e5a51580a97facdaea45505c48b5e01dd6dbc975f2ffe" 
@@ -211403,11 +211723,11 @@ rule LOLDRIVERS_MAL_Driver_Basil_Windivertsys_Windivertdriver_8DA0 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - windivert.sys" author = "Florian Roth" id = "b2c5b02b-7fe2-5dcc-8c96-c67212780220" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L570-L591" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L571-L592" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8da085332782708d8767bcace5327a6ec7283c17cfb85e40b03cd2323a90ddc2" hash = "2f43f4251be4d72dd56c91bf6cce475d379eb9ba6c4dda2be3022ea633d5e807" hash = "8248306bcc5fae20fd4f3d5c44f962c85cddbe020b34a1799350ce2034154b7d" 
@@ -211435,11 +211755,11 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Wantdsys_Microsoftwindowsoperati description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - wantd_6.sys" author = "Florian Roth" id = "5f883209-6887-5cb4-96bb-988898d47c09" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L594-L616" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L595-L617" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e7af7bcb86bd6bab1835f610671c3921441965a839673ac34444cf0ce7b2164e" hash = "b9dad0131c51e2645e761b74a71ebad2bf175645fa9f42a4ab0e6921b83306e3" hash = "8d9a2363b757d3f127b9c6ed8f7b8b018e652369bc070aa3500b3a978feaa6ce" 
@@ -211468,11 +211788,11 @@ rule LOLDRIVERS_MAL_Driver_Chingachgukdengerk_Vusbbussys_Virtualusbbusdriver_B4F description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - driver_b4f33ffe.sys" author = "Florian Roth" id = "68298157-58f2-51de-b534-f86bdefe00a6" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L619-L638" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L620-L639" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b4f33ffef069c18e8a8834eb448dd1f1dbdaae93b140cfff5a1db015eb3ada2f" logic_hash = "00c68cc29903f0a92d8ff711ab539c97033ba03efa5f895005da925db897bdd8" score = 70 
@@ -211498,11 +211818,11 @@ rule LOLDRIVERS_MAL_Driver_Gentilkiwibenjamindelpy_Mimidrv_Mimidrvmimikatz_30E0 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mimidrv.sys" author = "Florian Roth" id = "888de0dc-5643-5e55-8272-9363cc55bfcf" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L641-L661" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L642-L662" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "30e083cd7616b1b969a92fd18cf03097735596cce7fcf3254b2ca344e526acc2" hash = "a906251667a103a484a6888dca3e9c8c81f513b8f037b98dfc11440802b0d640" logic_hash = "e2c964f7e30da210778e8a2e5bb96d53485a0736cf3ff28bccbefacb6b46765a" 
@@ -211529,11 +211849,11 @@ rule LOLDRIVERS_MAL_Driver_Pinchinstechnologycoltd_Rwtkrlsys_Ransomwareterminato description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - driver_090d409f.sys" author = "Florian Roth" id = "5c1070f6-a282-5cee-b9bc-ea833b766e1f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L664-L684" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L665-L685" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "090d409f86430e078694e621ad0bd5e458d32aa727f0eb99bda3961577df8d49" hash = "04e1f364c0fcebaa1f0833c0595a976d0625ed3390441b4f2d1aedb314bf2497" logic_hash = "079ccac2c3427b198a0873ee69ab4ce8631a4b35fa3829468883a0acf2852b94" 
@@ -211560,11 +211880,11 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Wantdsys_Microsoftwindowsoperati description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - wantd_2.sys" author = "Florian Roth" id = "3bd8b888-8170-5da6-ba1c-f13c1ca27e6f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L687-L706" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L688-L707" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6908ebf52eb19c6719a0b508d1e2128f198d10441551cbfb9f4031d382f5229f" logic_hash = "9cde0a399b852038979993375be2a6d0f9f9f760381e94df0190256e8810949f" score = 70 
@@ -211590,11 +211910,11 @@ rule LOLDRIVERS_MAL_Driver_Tonecinc_Idmtdisys_Internetdownloadmanager_2C1B description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - idmtdi.sys" author = "Florian Roth" id = "f09f5edb-c807-599a-8caa-7d892f315462" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L709-L730" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L710-L731" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2c1b65c2988b337182f1ba57b404793454e30a7fd328d34bc2e79857dc437a4a" hash = "44ebb0f534e7cdfec06d5234358d219798a313219b214d72aa23afc5a57d7ea9" hash = "77225a99b2e0e2b4007fb2f5a96d356e13deab45b9ef54c175d5452de8a211a7" 
@@ -211622,11 +211942,11 @@ rule LOLDRIVERS_MAL_Driver_Dwadsafeloadsys_E112 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - driver_e1123b59.sys" author = "Florian Roth" id = "ca8a37aa-8bb6-5cf6-ae3a-4747611571a0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L733-L752" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L734-L753" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e1123b59a801e243a64270d0c6ab1277e5e3afba9c19023807409f53c1b0204b" logic_hash = "478f361102f57948fedbc00b49f0874b915b2fc65bb4be900593da8ad4fe24d3" score = 70 
@@ -211646,47 +211966,17 @@ rule LOLDRIVERS_MAL_Driver_Dwadsafeloadsys_E112 condition: all of them } -rule LOLDRIVERS_MAL_Driver_Paloaltonetworksinc_Cyvrlpcsys_Cortexxdradvancedendpointprotection_2CD7 -{ - meta: - description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - idmtdi.sys" - author = "Florian Roth" - id = "e0bb1b7c-2ce2-5ab8-96fe-0f1d7c26c8b3" - date = "2025-07-03" - modified = "2025-07-05" - reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L755-L774" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" - hash = "2cd7a0c4e8d24404c92e4ed8539b2136028a8ca663f3432e417b00665493e13f" - logic_hash = "8f4bf095708c18a441369088b362fb65779c7009bf1c2e8ac2a8e06ef0af44c0" - score = 70 - quality = 80 - tags = "" - - strings: - $ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]0043006f007200740065007800200058004400520020004c005000430020004400720069007600650072 } - $ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]00500061006c006f00200041006c0074006f0020004e006500740077006f0072006b0073002c00200049006e0063002e } - $ = { 00460069006c006500560065007200730069006f006e[1-8]0038002e0032002e0032002e00340039003700300038 } - $ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0038002e0032002e0032002e00340039003700300038 } - $ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0063007900760072006c00700063002e007300790073 } - $ = { 00500072006f0064007500630074004e0061006d0065[1-8]0043006f00720074006500780020005800440052212200200041006400760061006e00630065006400200045006e00640070006f0069006e0074002000500072006f00740065006300740069006f006e } - $ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0063007900760072006c00700063002e007300790073 
} - $ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]00a9002000500061006c006f00200041006c0074006f0020004e006500740077006f0072006b0073002c00200049006e0063002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064 } - - condition: - all of them -} rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Srvnetsys_Microsoftwindowsoperatingsystem_F6C3 { meta: description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinTapix.sys, SRVNET2.SYS" author = "Florian Roth" id = "3559718f-59d7-5bff-860c-6a073f4c05d9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L777-L796" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L756-L775" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f6c316e2385f2694d47e936b0ac4bc9b55e279d530dd5e805f0d963cb47c3c0d" logic_hash = "ab1aea5cec71668c0e35ea149b9e537c8468738c3b3e70382ebedf51bb8729d0" score = 70 
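Review bot: this hunk deletes the whole rule `LOLDRIVERS_MAL_Driver_Paloaltonetworksinc_Cyvrlpcsys_Cortexxdradvancedendpointprotection_2CD7` (hash 2cd7a0c4e8d24404c92e4ed8539b2136028a8ca663f3432e417b00665493e13f) with no explanation in the change itself; the commit message should state why coverage for that sample is dropped. The visible evidence points to an upstream removal rather than a local decision: the next rule's anchor moves from `#L777-L796` to `#L756-L775` while every other rule in the file shifts by a single line, which matches the removed rule's `#L755-L774` span disappearing at the new pin. Worth recording as well that the deleted rule's `description` named `idmtdi.sys` while its rule name and its `InternalName`/`OriginalFilename` strings target `cyvrlpc.sys`, so the removal also clears an upstream metadata mismatch rather than a working detection.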
@@ -211712,11 +212002,11 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Wantdsys_Microsoftwindowsoperati description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - wantd_3.sys" author = "Florian Roth" id = "43ae822a-c4c4-5525-bfd3-a05d1ec50bd0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L799-L818" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L778-L797" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "81c7bb39100d358f8286da5e9aa838606c98dfcc263e9a82ed91cd438cb130d1" logic_hash = "ec9e321bbc89bffb6243e3edde45e60dc06513e88dfb9a262768ef081db60c5b" score = 70 
@@ -211742,11 +212032,11 @@ rule LOLDRIVERS_MAL_Driver_773B description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mimidrv.sys" author = "Florian Roth" id = "f47ab2f1-86f6-5550-939e-4477ec1c367c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L821-L835" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L800-L814" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "773b4a1efb9932dd5116c93d06681990759343dfe13c0858d09245bc610d5894" logic_hash = "5e01850384ac0dc0e9f33e3e217e0e824cfe3c2bb46feff94dffa070f2f7c9a0" score = 70 
@@ -211767,11 +212057,11 @@ rule LOLDRIVERS_MAL_Driver_Sensecorp_7F45 description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Sense5Ext.sys" author = "Florian Roth" id = "6c1f5ba4-fd14-5069-9d99-e3072b2dbbc2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L838-L854" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L817-L833" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7f4555a940ce1156c9bcea9a2a0b801f9a5e44ec9400b61b14a7b1a6404ffdf6" logic_hash = "dbef723d7e44da110675402fc13708c5b077eeb6a66c1772885f5879d795ec4e" score = 70 
@@ -211794,11 +212084,11 @@ rule LOLDRIVERS_MAL_Driver_Microsoftcorporation_Ndislansys_Microsoftwindowsopera description = "Detects malicious driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ndislan.sys" author = "Florian Roth" id = "c94adcf3-2ea6-5856-9327-2e5ed1c49b22" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_mal_drivers.yar#L857-L876" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_mal_drivers.yar#L836-L855" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b0eb4d999e4e0e7c2e33ff081e847c87b49940eb24a9e0794c6aa9516832c427" logic_hash = "4b92b69636dea19a23172def47e9a1bbd4507075ec118b48db30fec377b8fbff" score = 70 
@@ -211824,11 +212114,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_34BE : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "eacc5085-aa34-5f46-977d-84761649bd6d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2-L29" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2-L29" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "34bee22c18ddbddbe115cf1ab55cabf0e482aba1eb2c343153577fb24b7226d3" hash = "5177a3b7393fb5855b2ec0a45d4c91660b958ee077e76e5a7d0669f2e04bcf02" hash = "368a9c2b6f12adbe2ba65181fb96f8b0d2241e4eae9f3ce3e20e50c3a3cc9aa1" 
@@ -211862,11 +212152,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_0E85 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "caf170d7-172f-56eb-beae-0c40e7ac78fa" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L32-L60" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L32-L60" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0e8595217f4457757bed0e3cdea25ea70429732b173bba999f02dc85c7e06d02" hash = "73c03b01d5d1eb03ec5cb5a443714b12fa095cc4b09ddc34671a92117ae4bb3a" hash = "b0f6cd34717d0cea5ab394b39a9de3a479ca472a071540a595117219d9a61a44" 
@@ -211901,11 +212191,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Wisecleanercom_Wiseunlosys_Wiseunlo_786F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WiseUnlo.sys" author = "Florian Roth" id = "78b84e8a-1f92-5954-a1da-19d7208279db" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L63-L86" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L63-L86" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "786f0ba14567a7e19192645ad4e40bee6df259abf2fbdfda35b6a38f8493d6cc" hash = "87aae726bf7104aac8c8f566ea98f2b51a2bfb6097b6fc8aa1f70adeb4681e1b" hash = "daf549a7080d384ba99d1b5bd2383dbb1aa640f7ea3a216df1f08981508155f5" 
@@ -211935,11 +212225,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_A397 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "957addda-818b-504f-98b4-63fdfed768b4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L89-L122" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L89-L122" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a3975db1127c331ba541fffff0c607a15c45b47aa078e756b402422ef7e81c2c" hash = "6befa481e8cca8084d9ec3a1925782cd3c28ef7a3e4384e034d48deaabb96b63" hash = "f7e0cca8ad9ea1e34fa1a5e0533a746b2fa0988ba56b01542bc43841e463b686" 
@@ -211979,11 +212269,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_D7E0 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "62c2caf4-0f8e-5873-bc77-ea5a6b390e29" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L125-L142" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L125-L142" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d7e091e0d478c34232e8479b950c5513077b3a69309885cee4c61063e5f74ac0" logic_hash = "229c98a4e55486cde122edd3a846c6cec6b242ee9e0269bf25e92d1e00e63d67" score = 40 
@@ -212007,11 +212297,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_2298 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "85b7f3f1-6324-543f-8855-8cb13096b367" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L145-L170" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L145-L170" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2298e838e3c015aedfb83ab18194a2503fe5764a862c294c8b39c550aab2f08e" hash = "2a6db9facf9e13d35c37dd468be04bae5f70c6127a9aee76daebddbdec95d486" hash = "69640e9209f8e2ac25416bd3119b5308894b6ce22b5c80cb5d5f98f2f85d42ce" 
@@ -212043,11 +212333,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asrockincorporation_Asrdrvsys_Asrockiodriver_4D0 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AsrDrv.sys" author = "Florian Roth" id = "b35951c3-d0df-5a4d-8c81-333adee6310e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L173-L202" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L173-L202" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4d03a01257e156a3a018230059052791c3cde556e5cec7a4dd2f55f65c06e146" hash = "3943a796cc7c5352aa57ccf544295bfd6fb69aae147bc8235a00202dc6ed6838" hash = "950a4c0c772021cee26011a92194f0e58d61588f77f2873aa0599dff52a160c9" 
@@ -212083,11 +212373,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Getactechnologycorporation_Mtcbsvsys_Getacsystem description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - GtcKmdfBs.sys" author = "Florian Roth" id = "c321b01f-a328-5fba-81d9-fa55af63ce5c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L205-L224" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L205-L224" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0abca92512fc98fe6c2e7d0a33935686fc3acbd0a4c68b51f4a70ece828c0664" logic_hash = "5c46f095f8329b4dab225ff3b15eb102ecfa9f25f0f86f1d18ea3a6690e267b8" score = 40 
@@ -212113,11 +212403,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_D7B7 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rzpnk.sys" author = "Florian Roth" id = "d9aab490-9368-54fa-8fc2-711c0446b19c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L227-L249" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L227-L249" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d7b743c3f98662c955c616e0d1bb0800c9602e5b6f2385336a72623037bfd6dd" hash = "567809308cfb72d59b89364a6475f34a912d03889aa50866803ac3d0bf2c3270" hash = "93d873cdf23d5edc622b74f9544cac7fe247d7a68e1e2a7bf2879fad97a3ae63" 
@@ -212146,11 +212436,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Netfiltersys_Windowsrwind description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - netfilter2.sys" author = "Florian Roth" id = "8fb3920a-b0bf-57b3-bf15-24f323efde31" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L252-L277" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L252-L277" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9dbc2a37f53507296cc912e7d354dab4e55541ba821561aa84f74d1bd8346be2" hash = "65a3e69854c729659281d2c5f8a4c8274ad3606befdcd9e1b79d3262f260bfa1" hash = "71701c5c569ef67391c995a12b21ca06935b7799ed211d978f7877115c58dce0" 
@@ -212182,11 +212472,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Lgdatacatchersys_Gameacc_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - LgDataCatcher.sys" author = "Florian Roth" id = "4d2f4d82-aa28-5be1-8e0a-9db164a4bb50" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L280-L301" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L280-L301" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "07fb2bb6c852f6a6fe982b2232f047e167be39738bac26806ffe0927ba873756" hash = "516159871730b18c2bddedb1a9da110577112d4835606ee79bb80e7a58784a13" hash = "45b07a2f387e047a6bb0e59b7f22fb56182d57b50e84e386a38c2dbb7e773837" 
@@ -212214,11 +212504,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Vboxguest_Virtualboxguestadditions_D description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - vboxguest.sys" author = "Florian Roth" id = "f3412abe-99c6-5ced-823c-1c681f446bab" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L304-L323" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L304-L323" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d53f9111a5e6c94b37e3f39c5860897405cb250dd11aa91c3814a98b1759c055" logic_hash = "06994b6e75aefad03b1346e1bcaf68dca8464526bf182557257c4f5635bb93ce" score = 40 
@@ -212244,11 +212534,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Eldoscorporation_Elrawdsksys_Rawdisk_4744 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elrawdsk.sys" author = "Florian Roth" id = "13de286c-92f2-5677-86ee-99c70a338c8e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L326-L346" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L326-L346" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4744df6ac02ff0a3f9ad0bf47b15854bbebb73c936dd02f7c79293a2828406f6" hash = "5a826b4fa10891cf63aae832fc645ce680a483b915c608ca26cedbb173b1b80a" logic_hash = "01faeb5fe7618ce1135a8532c76357cfea1dfb0932e3d7c4cf9ff7d1c8c1d8fb" 
@@ -212275,11 +212565,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gigabytesoftware description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - gdrv.sys" author = "Florian Roth" id = "03cc80bd-699d-5c23-9acc-a523fa3110f3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L349-L368" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L349-L368" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "81aafae4c4158d0b9a6431aff0410745a0f6a43fb20a9ab316ffeb8c2e2ccac0" logic_hash = "8be18437fb165bab491d1d63b01d744f14df8594288bf0d447b76913de934aa9" score = 40 
@@ -212305,11 +212595,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AMDRyzenMasterDriver.sys" author = "Florian Roth" id = "40d54ac5-209a-5f0e-b799-f492b7fcc973" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L371-L390" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L371-L390" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f6cd7353cb6e86e98d387473ed6340f9b44241867508e209e944f548b9db1d5f" logic_hash = "1f489ec71f92390aeb4137ba72cb88a950ed91f8e67bb82cf176a8c2fb4ef50f" score = 40 
@@ -212335,11 +212625,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "3d265316-2b94-581a-b44a-fe015d316eff" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L393-L412" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L393-L412" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2594b3ef3675ca3a7b465b8ed4962e3251364bab13b12af00ebba7fa2211abb2" logic_hash = "ef0e7b48aaee9dc6251120a879a192993d86043dbfd11e2be1f6e675aaa4d2e4" score = 40 
@@ -212365,11 +212655,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_8473 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nicm.sys" author = "Florian Roth" id = "730567f0-ae1e-5d8d-a9e6-df176faf4878" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L415-L437" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L415-L437" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "84739539aa6a9c9cb3c48c53f9399742883f17f24e081ebfa7bfaaf59f3ed451" hash = "6c7120e40fc850e4715058b233f5ad4527d1084a909114fd6a36b7b7573c4a44" hash = "e279e425d906ba77784fb5b2738913f5065a567d03abe4fd5571695d418c1c0f" 
@@ -212398,11 +212688,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Highresolutionenterpriseswwwhighrezcouk_Inpoutsy description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - inpout32.sys" author = "Florian Roth" id = "0ce7b65a-8472-5964-88cf-879cdd3c15a2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L440-L463" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L440-L463" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "cfab93885e5129a86d13fd380d010cc8c204429973b776ab1b472d84a767930f" hash = "945ee05244316ff2f877718cf0625d4eb34e6ec472f403f958f2a700f9092507" hash = "7db320e49139f636c8b6d12b6c78b666a62599e9d59587ba87c6b89b0a34b18d" 
@@ -212432,11 +212722,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_4CD8 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - libnicm.sys" author = "Florian Roth" id = "62e8e5f9-be64-5989-ace0-71a5910cef95" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L466-L486" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L466-L486" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4cd80f4e33b713570f6a16b9f77679efa45a466737e41db45b41924e7d7caef4" hash = "00c02901472d74e8276743c847b8148be3799b0e3037c1dfdca21fa81ad4b922" hash = "66a20fc2658c70facd420f5437a73fa07a5175998e569255cfb16c2f14c5e796" 
@@ -212463,11 +212753,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Vboxguest_Virtualboxguestadditions_9 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - vboxguest.sys" author = "Florian Roth" id = "b569d61f-4b07-50f7-8e3f-a63631a060a0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L489-L508" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L489-L508" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "983310cdce8397c016bfcfcc9c3a8abbb5c928b235bc3c3ae3a3cc10ef24dfbd" logic_hash = "8d2323bd83c70339f41fc8f90c67729f57ee1e54dc4f7d05dfded438c7bc419a" score = 40 
@@ -212493,11 +212783,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Rweverything_Rwdrvsys_Rwdrvdriver_45BA : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - RwDrv.sys" author = "Florian Roth" id = "c9279259-59ab-5816-aa59-4d8d53f95793" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L511-L537" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L511-L537" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "45ba688a4bded8a7e78a4f5b0dc21004e951ddceb014bb92f51a3301d2fbc56a" hash = "bdcacb9f373b017d0905845292bca2089feb0900ce80e78df1bcaae8328ce042" hash = "3279593db91bb7ad5b489a01808c645eafafda6cc9c39f50d10ccc30203f2ddf" 
@@ -212530,11 +212820,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Vmdrvsys_Windowsrwinddkdr description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - vmdrv.sys" author = "Florian Roth" id = "20989ad0-08b4-5fe0-b4cc-9846bdf4bb89" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L540-L561" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L540-L561" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5c0b429e5935814457934fa9c10ac7a88e19068fa1bd152879e4e9b89c103921" hash = "32cccc4f249499061c0afa18f534c825d01034a1f6815f5506bf4c4ff55d1351" hash = "d884ca8cc4ef1826ca3ab03eb3c2d8f356ba25f2d20db0a7d9fc251c565be7f3" 
@@ -212562,11 +212852,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AMDRyzenMasterDriver.sys" author = "Florian Roth" id = "c810bb03-5e0d-501a-af32-66a5f73b410e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L564-L584" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L564-L584" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a13054f349b7baa8c8a3fcbd31789807a493cc52224bbff5e412eb2bd52a6433" hash = "7e81beae78e1ddbf6c150e15667e1f18783f9b0ab7fbe52c7ab63e754135948d" logic_hash = "46c2abfe24d092b974e0916f7ccf53b71c12f3d438dff3e0ef9ffd1c253b0144" 
@@ -212593,11 +212883,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfoisys_Hwinfoiakerneldriver_33C6 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO64I.SYS" author = "Florian Roth" id = "04f7cd8f-1716-5b97-861c-0c8601774332" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L587-L606" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L587-L606" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "33c6c622464f80a8d8017a03ff3aa196840da8bb03bfb5212b51612b5cf953dc" logic_hash = "b9ec2a1a569f6972c9713a8e1512b0de974b4536bc92bd5466ee808d7574fada" score = 40 
@@ -212623,11 +212913,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevicesinc_Pdfwkrnlsys_Usbcpowerdel description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - PDFWKRNL.sys" author = "Florian Roth" id = "84e31b9f-a36a-51c8-8f71-59748c8e9765" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L609-L628" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L609-L628" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6945077a6846af3e4e2f6a2f533702f57e993c5b156b6965a552d6a5d63b7402" logic_hash = "06b458c2f8c6eb5dadf2a05c69225fdc4cbd6bd48e4380fa224573139de6a466" score = 40 
@@ -212653,11 +212943,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Fintekcorp_Fintekcorpfintekpcieuart_32BD : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - FPCIE2COM.sys" author = "Florian Roth" id = "61ea6f89-2dc0-525c-919a-8b47b85f0240" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L631-L651" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L631-L651" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "32bd0edb9daa60175b1dc054f30e28e8dbfa293a32e6c86bfd06bc046eaa2f9e" hash = "17942865680bd3d6e6633c90cc4bd692ae0951a8589dbe103c1e293b3067344d" hash = "b1920889466cd5054e3ab6433a618e76c6671c3e806af8b3084c77c0e7648cbe" 
@@ -212684,11 +212974,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_42B3 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ngiodriver.sys" author = "Florian Roth" id = "613560d6-26ea-5a38-8d88-95988af8371f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L654-L674" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L654-L674" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "42b31b850894bf917372ff50fbe1aff3990331e8bd03840d75e29dcc1026c180" hash = "c0c52425dd90f36d110952c665e5b644bb1092f952942c07bb4da998c9ce6e5b" logic_hash = "d9437369dd7a913176a1351f991216f3190b608f3a3182e891bdb7778835b815" 
@@ -212715,11 +213005,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Microsoftcorporation_Afdsys_Microsoftwindowsoper description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Afd.sys" author = "Florian Roth" id = "c0dfa4ea-9c70-5696-9ea3-3ed753e95341" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L677-L696" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L677-L696" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ebf6be42d39fd5d9361afa43479f883ff8eba97d72f313ece289f78cb51c22f2" logic_hash = "b20fcedf6bd67443ceefce372515f4fb260476a9c5e0899fa0321944a4558e3d" score = 40 
@@ -212745,11 +213035,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "0cf3d047-c497-5957-b0d3-717220393501" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L699-L718" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L699-L718" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5bd41a29cbba0d24e639f49d1f201b9bd119b11f5e3b8a5fefa3a5c6f1e7692c" logic_hash = "69948e6d3cc375d78ba95a51c7a78e5a3f17e0ca07cf1e3e53d54f350d9ac0a9" score = 40 
@@ -212775,11 +213065,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Vboxusbsys_Virtualboxusbdriver_C509 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxUSB.Sys" author = "Florian Roth" id = "85270071-0faf-5672-9c20-1f8244bf18eb" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L721-L740" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L721-L740" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c509935f3812ad9b363754216561e0a529fc2d5b8e86bfa7302b8d149b7d04aa" logic_hash = "5bf3a4f5e3f674c4f32de55abd9d1981ad0b1fd48fb460905d017096b30ae10e" score = 40 
@@ -212805,11 +213095,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Netfiltersys_F171 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - netfilter2.sys" author = "Florian Roth" id = "7572033b-bb49-531f-a14a-decf9a50aab3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L743-L762" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L743-L762" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f1718a005232d1261894b798a60c73d971416359b70d0e545d7e7a40ed742b71" logic_hash = "2879360aef7b25e7d5ea9e4cbdce9f60a33ca4181ef35e18117e69832589cc73" score = 40 
@@ -212835,11 +213125,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_DD4F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NICM.sys" author = "Florian Roth" id = "e9506ae9-b5ea-5ed7-a126-1b6070df89d0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L765-L787" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L765-L787" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "dd4fedd5662122cbfe046a12e2137294ef1cb7822238d9e24eacc78f22f8e93d" hash = "904e0f7d485a98e8497d5ec6dd6e6e1cf0b8d8e067fb64a9e09790af3c8c9d5a" hash = "1c2f1e2b0cc4da128feb73a6b9dd040df8495fefe861d69c9f44778c6ddb9b9b" 
@@ -212868,11 +213158,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_7627 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nicm.sys" author = "Florian Roth" id = "ccce2f4d-4cdc-5ea5-a8dd-271f7d7b5482" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L790-L809" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L790-L809" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "76276c87617b836dd6f31b73d2bb0e756d4b3d133bddfe169cb4225124ca6bfb" hash = "1e9c236ed39507661ec32731033c4a9b9c97a6221def69200e03685c08e0bfa7" logic_hash = "eba1a04dc1de06122a8bad80399c4233b9c3101f4fcbc805ec7615010da76833" 
@@ -212898,11 +213188,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "0c0b8367-fb93-5f0c-8fac-28bd19c20166" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L812-L832" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L812-L832" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "16ae28284c09839900b99c0bdf6ce4ffcd7fe666cfd5cfb0d54a3ad9bea9aa9c" hash = "d54ac69c438ba77cde88c6efd6a423491996d4e8a235666644b1db954eb1da9c" logic_hash = "4c4359af17cfc03947722c644064fa2e2bacc5adcbd66499bfba4aa483ac56f6" 
@@ -212929,11 +213219,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Computerz_Computerzsys_Computerzsystemdriver_61F description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "ca51c99d-79fe-57b3-9832-adfb2d1d59d4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L835-L854" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L835-L854" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "61f3b1c026d203ce94fab514e3d15090222c0eedc2a768cc2d073ec658671874" logic_hash = "73d2e39a2e1d9810f5f0999a8f79a238a36305d36db731a3e84859e6d15bfdd8" score = 40 
@@ -212959,11 +213249,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "e6f3c13e-0cec-5430-beeb-fc980dd29887" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L857-L886" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L857-L886" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "88e2e6a705d3fb71b966d9fb46dc5a4b015548daf585fb54dfcd81dc0bd3ebdc" hash = "f29073dc99cb52fa890aae80037b48a172138f112474a1aecddae21179c93478" hash = "89b9823ed974a5b71de8468324d45b7e9d6dc914f93615ba86c6209b25b3cbf7" 
@@ -212999,11 +213289,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Cpuzsys_Windowsrwinddkdri description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "145b846a-8721-5a56-aa76-6d7d5dd16562" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L889-L919" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L889-L919" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1f4d4db4abe26e765a33afb2501ac134d14cadeaa74ae8a0fae420e4ecf58e0c" hash = "c3e150eb7e7292f70299d3054ed429156a4c32b1f7466a706a2b99249022979e" hash = "922d23999a59ce0d84b479170fd265650bc7fae9e7d41bf550d8597f472a3832" 
@@ -213040,11 +213330,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Mitactechnologycorporation_Vdbsvsys_Mitacsystems description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VdBSv64.sys" author = "Florian Roth" id = "513c1b59-e721-5bbf-979a-31c25c4d566e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L922-L941" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L922-L941" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "91afa3de4b70ee26a4be68587d58b154c7b32b50b504ff0dc0babc4eb56578f4" logic_hash = "e93e2620e452d0d6d834057921ed0de35309098130b47e98da7c1e87b31b86ee" score = 40 
@@ -213070,11 +213360,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_00B3 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nicm.sys" author = "Florian Roth" id = "638c6150-1380-57d7-b2a2-acfd4302e2b5" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L944-L966" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L944-L966" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "00b3ff11585c2527b9e1c140fd57cb70b18fd0b775ec87e9646603056622a1fd" hash = "3140005ce5cac03985f71c29732859c88017df9d41c3761aa7c57bbcb7ad2928" hash = "18f306b6edcfacd33b7b244eaecdd0986ef342f0d381158844d1f0ee1ac5c8d7" 
@@ -213103,11 +213393,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_B50F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - libnicm.sys" author = "Florian Roth" id = "fc6032d2-ef08-5fdb-be73-39dd42185b13" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L969-L991" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L969-L991" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b50ffc60eaa4fb7429fdbb67c0aba0c7085f5129564d0a113fec231c5f8ff62e" hash = "dd2f1f7012fb1f4b2fb49be57af515cb462aa9c438e5756285d914d65da3745b" hash = "b37b3c6877b70289c0f43aeb71349f7344b06063996e6347c3c18d8c5de77f3b" 
@@ -213136,11 +213426,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Openlibsysorg_Winringsys_Winring_11BD : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinRing0.sys, WinRing0x64" author = "Florian Roth" id = "370f3fc6-6199-5c19-a0b5-8c02fb89f30a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L994-L1014" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L994-L1014" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "11bd2c9f9e2397c9a16e0990e4ed2cf0679498fe0fd418a3dfdac60b5c160ee5" hash = "a7b000abbcc344444a9b00cfade7aa22ab92ce0cadec196c30eb1851ae4fa062" logic_hash = "e5777a3a1e71f287c18434a48c2990abd3e202c919378a9473541abe2b8f0ba5" 
@@ -213167,11 +213457,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowswinowsdriverkitsprovider_Hwrwdrvsys_Hardw description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HwRwDrv.sys" author = "Florian Roth" id = "fa8e9fd9-7d07-5e05-a8d0-3769b9dd9157" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1017-L1036" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1017-L1036" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "21ccdd306b5183c00ecfd0475b3152e7d94b921e858e59b68a03e925d1715f21" logic_hash = "da6f9de9c0529ef274b989f63d9d6308ea78a0f7f91d81caaafb5478412c33eb" score = 40 
@@ -213197,11 +213487,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_AD8F : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "25dc4405-52ae-51f9-9afd-49f2a9fcaa08" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1039-L1058" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1039-L1058" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ad8ffccfde782bc287241152cf24245a8bf21c2530d81c57e17631b3c4adb833" logic_hash = "fba0440ab68b148f26224cce5d2b8bdb684a2d185502fb3b920fe12288e6d775" score = 40 
@@ -213227,11 +213517,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_3124 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "25893130-a0b5-5c5c-b7d2-e22bf8eec311" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1061-L1080" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1061-L1080" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3124b0411b8077605db2a9b7909d8240e0d554496600e2706e531c93c931e1b5" logic_hash = "4e22250223e272624f9608e7981ba91c1fb0e00eaf6d8388b81ad91fd8dbcc5c" score = 40 
@@ -213257,11 +213547,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - DcProtect.sys" author = "Florian Roth" id = "4b402b27-36ca-5e2c-bb00-64ab93b8720f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1083-L1102" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1083-L1102" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ff55c1f308a5694eb66a3e9ba326266c826c5341c44958831a7a59a23ed5ecc8" logic_hash = "298b509c736082f651b32be6ff3ba8b2044d48e8d1ac5c411449524750794d4f" score = 40 
@@ -213287,11 +213577,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_A855 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nscm.sys" author = "Florian Roth" id = "8cc90fa3-6be0-5b67-a555-0c922947fa60" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1105-L1125" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1105-L1125" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a855b6ec385b3369c547a3c54e88a013dd028865aba0f3f08be84cdcbaa9a0f6" hash = "49ef680510e3dac6979a20629d10f06822c78f45b9a62ec209b71827a526be94" hash = "653f6a65e0e608cae217bea2f90f05d8125cf23f83ba01a60de0f5659cfa5d4d" 
@@ -213318,11 +213608,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_DB71 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "85b1e297-b9f8-5147-93e3-a084ec658782" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1128-L1147" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1128-L1147" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "db711ec3f4c96b60e4ed674d60c20ff7212d80e34b7aa171ad626eaa8399e8c7" logic_hash = "c62675b8ae01311a74bd0b0717219dde73badf621f2b6af1d5d6ff12317048f0" score = 40 
@@ -213348,11 +213638,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Iobit_Monitorsys_Advancedsystemcare_E4A7 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Monitor_win10_x64.sys" author = "Florian Roth" id = "65b75be5-98a2-56ca-bb4a-cfd0c6871c0e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1150-L1169" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1150-L1169" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e4a7da2cf59a4a21fc42b611df1d59cae75051925a7ddf42bf216cc1a026eadb" logic_hash = "798dad45f7ac1267da440c3ca7aba1da1dbd2bdead9b6979379902e009bbd2a2" score = 40 
@@ -213378,11 +213668,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Iobit_Iobitunlockersys_Iobitunlocker_2B33 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iobitunlocker.sys" author = "Florian Roth" id = "ce40dddf-a58e-542b-b2d9-45f55c502d35" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1172-L1203" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1172-L1203" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2b33df9aff7cb99a782b252e8eb65ca49874a112986a1c49cd9971210597a8ae" hash = "faa9aa7118ecf9bb6594281f6b582f1ced0cc62d5db09a2fbf9b7ce70c532285" hash = "507724d96a54f3e45c16a065bf38ae82a9b80d07096a461068a701cae0c1cf29" 
@@ -213420,11 +213710,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Phoenixtechnologiesltd_Phlashnt_Winphlash_65DB : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - PhlashNT.sys" author = "Florian Roth" id = "7c0b1c20-b3ef-56e9-b2e2-e2542c7a85e3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1206-L1225" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1206-L1225" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "65db1b259e305a52042e07e111f4fa4af16542c8bacd33655f753ef642228890" logic_hash = "52b33a82d9835242e397f693094494508a9a1e17ab7125ad6818130f4b2dc2de" score = 40 
@@ -213450,11 +213740,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Arthurliberman_Alsysiosys_Alsysio_7196 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ALSysIO64.sys" author = "Florian Roth" id = "3b631d10-d727-53f8-8f56-87695e305198" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1228-L1247" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1228-L1247" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7196187fb1ef8d108b380d37b2af8efdeb3ca1f6eefd37b5dc114c609147216d" logic_hash = "c69a031ad9d7eff41358cd2ae9404c25c48ca747ac5fc9b806e48be2fe59aee8" score = 40 
@@ -213480,11 +213770,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Aoddriversys_Amdoverdrivese description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AODDriver.sys" author = "Florian Roth" id = "200fe944-ea33-52ad-9729-a42319b169a8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1250-L1270" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1250-L1270" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f4dc11b7922bf2674ca9673638e7fe4e26aceb0ebdc528e6d10c8676e555d7b2" hash = "070ff602cccaaef9e2b094e03983fd7f1bf0c0326612eb76593eabbf1bda9103" logic_hash = "6d49bcb5159d3be15ec42748089baff846ce661446a73d7986deb945e379a45f" 
@@ -213511,11 +213801,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrddkprovider_Rtportsys_Windowsrddkprovide description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtport.sys" author = "Florian Roth" id = "85e60907-b5da-5c9a-811e-0ddb0c850087" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1273-L1293" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1273-L1293" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8fe429c46fedbab8f06e5396056adabbb84a31efef7f9523eb745fc60144db65" hash = "71423a66165782efb4db7be6ce48ddb463d9f65fd0f266d333a6558791d158e5" logic_hash = "c768c1592586c6a053f69d8f64c66ba213dc054113d98f3144610fdb5978a0f1" 
@@ -213542,11 +213832,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Anticheatexpertcom_Acebase_Anticheatexpert_7326 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ACE-BASE.sys" author = "Florian Roth" id = "5a93b810-f40c-56eb-a3da-8075fb9b15a9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1296-L1314" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1296-L1314" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7326aefff9ea3a32286b423a62baebe33b73251348666c1ee569afe62dd60e11" logic_hash = "c309c294def3fb6601ab76b4b67bdda0d38db398a8a56b0ced0d4ce8cafc8602" score = 40 
@@ -213571,11 +213861,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gigabytesoftware description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - gdrv.sys" author = "Florian Roth" id = "f1f06952-1500-57af-8486-eb127a90b110" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1317-L1336" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1317-L1336" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "133e542842656197c5d22429bd56d57aa33c9522897fdf29853a6d321033c743" logic_hash = "8294e9a9d7bf9e4471d494ca78db936c69b2b2ee495207cde79aeabff9910463" score = 40 
@@ -213601,11 +213891,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_1072 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ngiodriver.sys" author = "Florian Roth" id = "8604d594-f5ab-5015-907a-4424cd2e62b8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1339-L1359" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1339-L1359" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1072beb3ff6b191b3df1a339e3a8c87a8dc5eae727f2b993ea51b448e837636a" hash = "e8eb1c821dbf56bde05c0c49f6d560021628df89c29192058ce68907e7048994" logic_hash = "99645f9bf3c3ba88788ad609ee067cdda808effac07990db725b9be5fca32658" 
@@ -213632,11 +213922,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_8A07 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "6820d35b-66a3-512f-a734-0adefbf6a183" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1362-L1391" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1362-L1391" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8a0702681bc51419fbd336817787a966c7f92cabe09f8e959251069578dfa881" hash = "26e3bfef255efd052a84c3c43994c73222b14c95db9a4b1fc2e98f1a5cb26e43" hash = "65e3548bc09dffd550e79501e3fe0fee268f895908e2bba1aa5620eb9bdac52d" 
@@ -213672,11 +213962,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_0D37 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "46f31bf7-9e9f-5fe2-95cc-1b0be823c41b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1394-L1431" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1394-L1431" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0d3790af5f8e5c945410929e31d06144a471ac82f828afe89a4758a5bbeb7f9f" hash = "523d1d43e896077f32cd9acaa8e85b513bfb7b013a625e56f0d4e9675d9822ba" hash = "df0dcfb3971829af79629efd036b8e1c6e2127481b3644ccc6e2ddd387489a15" 
@@ -213720,11 +214010,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Proxydrvsys_Nn_C0E7 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ProxyDrv.sys" author = "Florian Roth" id = "e50ded09-0134-5c76-85e5-9fed8302e1e8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1434-L1453" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1434-L1453" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c0e74f565237c32989cb81234f4b5ad85f9dd731c112847c0a143d771021cb99" logic_hash = "b4248d60006efcf3f489cfad8a68bbf594bd45f75e8b9c8d7b9f727c6ee05042" score = 40 
@@ -213750,11 +214040,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_5381 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nscm.sys" author = "Florian Roth" id = "29276926-535b-55f9-a882-845fc9561513" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1456-L1476" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1456-L1476" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "53810ca98e07a567bb082628d95d796f14c218762cbbaa79704740284dccda4b" hash = "8e88cb80328c3dbaa2752591692e74a2fae7e146d7d8aabc9b9ac9a6fe561e6c" hash = "003e61358878c7e49e18420ee0b4a37b51880be40929a76e529c7b3fb18e81b4" 
@@ -213781,11 +214071,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Netfiltersys_26D6 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - netfilter2.sys" author = "Florian Roth" id = "906cd223-3c34-5e3b-8a04-97b87e9e1752" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1479-L1500" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1479-L1500" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "26d67d479dafe6b33c980bd1eed0b6d749f43d05d001c5dcaaf5fcddb9b899fe" hash = "6a234a2b8eb3844f7b5831ee048f88e8a76e9d38e753cc82f61b234c79fe1660" hash = "2fa78c2988f9580b0c18822b117d065fb419f9c476f4cfa43925ba6cd2dffac3" 
@@ -213813,11 +214103,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustek_Driversys_Ectool_927C : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - driver7-x86-withoutdbg.sys" author = "Florian Roth" id = "4513216a-2654-5743-8550-01e82743f67a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1503-L1525" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1503-L1525" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "927c2a580d51a598177fa54c65e9d2610f5f212f1b6cb2fbf2740b64368f010a" hash = "42851a01469ba97cdc38939b10cf9ea13237aa1f6c37b1ac84904c5a12a81fa0" hash = "1beb15c90dcf7a5234ed077833a0a3e900969b60be1d04fcebce0a9f8994bdbb" 
@@ -213846,11 +214136,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantim description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Tmel.sys" author = "Florian Roth" id = "31dc7b9b-b8bd-5af5-be43-ad3bfdc2a5b3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1528-L1547" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1528-L1547" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "dd628061d6e53f3f0b44f409ad914b3494c5d7b5ff6ff0e8fc3161aacec93e96" logic_hash = "f0bf2e418bed091c1d9f1d604f284586f27d2d28b277c29f241aeaee9b9bdccf" score = 40 
@@ -213876,11 +214166,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorp_Stdcdrvwssys_Selftestdatacollectordriv description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - stdcdrvws64.sys" author = "Florian Roth" id = "8915229e-1b50-5c66-b20c-7221e3645c17" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1550-L1569" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1550-L1569" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "70afdc0e11db840d5367afe53c35d9642c1cf616c7832ab283781d085988e505" logic_hash = "06aae42f1cfaaa5d797ef384786a8cdb54685465240d324216d8832be82c5db0" score = 40 
@@ -213906,11 +214196,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realteksemiconductorcorp_Rtportsys_Realtekportio description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtport.sys" author = "Florian Roth" id = "4f6b5de0-26e8-50f8-b4a1-948b6acebb62" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1572-L1591" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1572-L1591" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ff322cd0cc30976f9dbdb7a3681529aeab0de7b7f5c5763362b02c15da9657a1" logic_hash = "814b2a2bc284623f620341ec841cd080eb04ef9c9f4a11387d0b79c5010e70e8" score = 40 
@@ -213936,11 +214226,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_A6F7 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "f8f7041b-7141-5f0e-9bec-aaf2b54e5c94" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1594-L1613" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1594-L1613" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a6f7897cd08fe9de5e902bb204ff87215584a008f458357d019a50d6139ca4af" logic_hash = "e6b52b789ba1f5bf60722a7b4ec2f94e650b186605ea558780018edaa74090b4" score = 40 
@@ -213966,11 +214256,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_834A : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - libnicm.sys" author = "Florian Roth" id = "e37497ee-2ee8-5517-8cbe-8aa218770816" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1616-L1635" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1616-L1635" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "834a3d755b5ae798561f8e5fbb18cf28dfcae7a111dc6a03967888e9d10f6d78" hash = "e89cb7217ec1568b43ad9ca35bf059b17c3e26f093e373ab6ebdeee24272db21" logic_hash = "54a915ecbb2fb9f77603a19628d8130cf9896bc649618e3448442e1408b1f8a4" 
@@ -213996,11 +214286,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Eiosys_Asusvgakernelmodedrive description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - EIO.sys" author = "Florian Roth" id = "609554bc-0f2f-5861-ad56-fc7a772459a6" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1638-L1659" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1638-L1659" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f4c7e94a7c2e49b130671b573a9e4ff4527a777978f371c659c3f97c14d126de" hash = "cf69704755ec2643dfd245ae1d4e15d77f306aeb1a576ffa159453de1a7345cb" hash = "1fac3fab8ea2137a7e81a26de121187bf72e7d16ffa3e9aec3886e2376d3c718" 
@@ -214028,11 +214318,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_F42E : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "8368db29-0a16-5a24-9053-ec5b079c1afc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1662-L1681" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1662-L1681" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f42eb29f5b2bcb2a70d796fd71fd1b259d5380b216ee672cf46dcdd4604b87ad" logic_hash = "2bbf7257a20468f12ffa8e8dc70c126a41124043acfcae776cda173ed68788c3" score = 40 
@@ -214058,11 +214348,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_CF4B : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "61555f9e-6caf-5c8c-b4ee-01046e04f744" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1684-L1703" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1684-L1703" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "cf4b5fa853ce809f1924df3a3ae3c4e191878c4ea5248d8785dc7e51807a512b" logic_hash = "50f8cbf8834910e3560b3d092ae897977db2c9cb26107219e1604b2c26bba2ae" score = 40 
@@ -214088,11 +214378,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Computerzsys_Ludashisystemdriver_3867 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "759c6fa4-abce-5dfc-924c-9fbe2ab5d6ff" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1706-L1726" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1706-L1726" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "386745d23a841e1c768b5bdf052e0c79bb47245f9713ee64e2a63f330697f0c8" hash = "5aee1bae73d056960b3a2d2e24ea07c44358dc7bc3f8ac58cc015cccc8f8d89c" logic_hash = "f911813c40d65c443b01e00635da122cd1969817c6d3842eca7a5a20ff57513e" 
@@ -214119,11 +214409,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_D783 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "12d08eab-49f0-5d40-bd2d-1a4834deaef1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1729-L1748" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1729-L1748" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d783ace822f8fe4e25d5387e5dd249cb72e62f62079023216dc436f1853a150f" logic_hash = "f92c013f7c10a9c63b2f630b198d9ef360e944182b9760e8c268dc7145f82e95" score = 40 
@@ -214149,11 +214439,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_4B52 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys" author = "Florian Roth" id = "06a605d6-893e-5ee7-a3d7-bfb128363b81" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1751-L1770" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1751-L1770" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4b5229b3250c8c08b98cb710d6c056144271de099a57ae09f5d2097fc41bd4f1" logic_hash = "c1df652b20d7bbea94d71bdef159c26b59180b736859bb4a16d03880a99d2841" score = 40 
@@ -214179,11 +214469,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftwarecorp_Segwindrvxsys_Segwindowsdrive description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - segwindrvx64.sys" author = "Florian Roth" id = "8ac8f353-494f-5940-a0f2-3f4ee61655e6" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1773-L1792" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1773-L1792" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "38d6d90d543bf6037023c1b1b14212b4fa07731cbbb44bdb17e8faffc12b22e8" logic_hash = "d1cc4c2d1335784f723849ab37131f3b5384628652594fe8e3a1ab4b0729eacd" score = 40 
@@ -214209,11 +214499,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Biostargroup_Iodriver_Biostariodriverfle_42E1 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - BS_I2cIo.sys" author = "Florian Roth" id = "eb5f5339-f11a-5502-8feb-4bfbd4698a31" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1795-L1816" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1795-L1816" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "42e170a7ab1d2c160d60abfc906872f9cfd0c2ee169ed76f6acb3f83b3eeefdb" hash = "f929bead59e9424ab90427b379dcdd63fbfe0c4fb5e1792e3a1685541cd5ec65" hash = "55fee54c0d0d873724864dc0b2a10b38b7f40300ee9cae4d9baaf8a202c4049a" 
@@ -214241,11 +214531,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytes_Elbycdio_Cdrtools_07AF : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "3e0bd3b4-4a9f-5d06-ae16-f0c3acf8643a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1819-L1838" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1819-L1838" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "07af8c5659ad293214364789df270c0e6d03d90f4f4495da76abc2d534c64d88" logic_hash = "832d90cd437cb6912630943fcae9e103341c0bc6770a4515525cf42f72812faa" score = 40 
@@ -214271,11 +214561,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Mitactechnologycorporation_Mtcbsvsys_Mitacsystem description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mtcBSv64.sys" author = "Florian Roth" id = "36fcbeca-f19e-54b8-9687-121bd9809e9d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1841-L1860" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1841-L1860" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c9cf1d627078f63a36bbde364cd0d5f2be1714124d186c06db5bcdf549a109f8" logic_hash = "402e0a50c61722ffbbf6778df2483750fae17d6a18d8b247d65df8302d725c14" score = 40 
@@ -214301,11 +214591,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_7125 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "0a115fe0-135b-5087-97ef-c5631b50d13f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1863-L1882" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1863-L1882" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7125c9831a52d89d3d59fb28043b67fbe0068d69732da006fabb95550d1fa730" logic_hash = "b91987339120b171bf8059bd06c95b25ec8124a902d53c0d05558e95bdfa588b" score = 40 
@@ -214331,11 +214621,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_5F65 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iQVW64.SYS" author = "Florian Roth" id = "7b5d5036-d7ec-5722-a18c-9ccaeea8088e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1885-L1904" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1885-L1904" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5f6547e9823f94c5b94af1fb69a967c4902f72b6e0c783804835e6ce27f887b0" logic_hash = "66fa3b5461eb9cf7c9f0eba976ac1546338ac11b937cc9753340042a0dc49066" score = 40 
@@ -214361,11 +214651,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_58A7 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viraglt64.sys, viragt64.sys" author = "Florian Roth" id = "5ea684cc-982c-5056-9e80-26fe74cb3a64" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1907-L1926" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1907-L1926" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "58a74dceb2022cd8a358b92acd1b48a5e01c524c3b0195d7033e4bd55eff4495" logic_hash = "f1f16f31db7cd1249b3a76eddf0091a1b89d158da5c3beb1e3ed5ec18a3a7d72" score = 40 
@@ -214391,11 +214681,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Panyazilimbilisimteknolojileriticltdsti_Panmonfl description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - PanMonFltX64.sys" author = "Florian Roth" id = "bc354ed5-befe-5421-9dbe-a5faef0cfa4a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1929-L1948" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1929-L1948" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "06508aacb4ed0a1398a2b0da5fa2dbf7da435b56da76fd83c759a50a51c75caf" logic_hash = "ad7595823bec8291999096f6249051d51741761c09e5a00ed72b01beeb13389b" score = 40 
@@ -214421,11 +214711,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "e99866a4-4787-5813-835f-0c9570f80eda" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1951-L1971" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1951-L1971" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d633055c7eda26dacfc30109eb790625519fc7b0a3a601ceed9e21918aad8a1b" hash = "29f449fca0a41deccef5b0dccd22af18259222f69ed6389beafe8d5168c59e36" logic_hash = "40d935ad81305da16adadabbbb18376bb0af64df5ce164625ec1e223ee01ceba" 
@@ -214452,11 +214742,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_0F17 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "a54ff7bf-30a8-5cfc-aaca-a172bee2062b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1974-L1993" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1974-L1993" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0f17e5cfc5bdd74aff91bfb1a836071345ba2b5d1b47b0d5bf8e7e0d4d5e2dbf" logic_hash = "3e9d3d998c97ac3491211c231552ee36be1428ca8ec61e89e9c1c1b7ff4ccf22" score = 40 
@@ -214482,11 +214772,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Bsmisys_5962 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - BSMI.sys, BSMIXP64.sys" author = "Florian Roth" id = "86a0715c-4f0b-52ba-b6dc-44bd4499a222" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L1996-L2014" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L1996-L2014" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "59626cac380d8fe0b80a6d4c4406d62ba0683a2f0f68d50ad506ca1b1cf25347" hash = "552f70374715e70c4ade591d65177be2539ec60f751223680dfaccb9e0be0ed9" logic_hash = "2ddfc5fea50425403654a8c60b372e2416cb0e0424ab26a8812e0b1fb35d399d" 
@@ -214511,11 +214801,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_C6FE : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nscm.sys" author = "Florian Roth" id = "4472b910-a043-5c2b-ab57-2a5f6d19f5f0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2017-L2038" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2017-L2038" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c6feb3f4932387df7598e29d4f5bdacec0b9ce98db3f51d96fc4ffdcc6eb10e1" hash = "e7b79fe1377b3da749590c080d4d96e59e622b1013b2183b98c81baa8bf2fffe" hash = "f77fe6b1e0e913ac109335a8fa2ac4961d35cbbd50729936059aba8700690a9e" 
@@ -214543,11 +214833,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_AF16 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "7863f53e-e2eb-5302-8a28-91966f3d8482" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2041-L2060" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2041-L2060" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "af16c36480d806adca881e4073dcd41acb20c35ed0b1a8f9bd4331de655036e1" logic_hash = "390b48999576261d87a970dee3dd1da4d82f45bdcf4db37be180c464bacfa488" score = 40 
@@ -214573,11 +214863,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_99F4 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "b1168895-eef9-5dfc-9b19-b3e0e302586d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2063-L2112" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2063-L2112" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "99f4994a0e5bd1bf6e3f637d3225c69ff4cd620557e23637533e7f18d7d6cba1" hash = "56a3c9ac137d862a85b4004f043d46542a1b61c6acb438098a9640469e2d80e7" hash = "c2a4ddcc9c3b339d752c48925d62fc4cc5adbf6fae8fedef74cdd47e88da01f8" 
@@ -214633,11 +214923,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ncrcorporation_Radhwmgrsys_Ncrcorporationhardwar description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - RadHwMgr.sys" author = "Florian Roth" id = "4d44aa9c-4f6d-5d70-886d-43a602c1d6d0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2115-L2134" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2115-L2134" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7c8ad57b3a224fdc2aac9dd2d7c3624f1fcd3542d4db804de25a90155657e2cc" logic_hash = "cc7c365f36d9c7fc0367b57f9d5b24004c8c4453e0ed227941623c6057fce39a" score = 40 
@@ -214663,11 +214953,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avaluetechnologyinc_Avalueio_Avalueio_A5A4 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - avalueio.sys" author = "Florian Roth" id = "e0e5d6b9-6e7e-5955-b7f0-a4c331fb19fc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2137-L2157" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2137-L2157" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a5a4a3c3d3d5a79f3ed703fc56d45011c21f9913001fcbcc43a3f7572cff44ec" hash = "defde359045213ae6ae278e2a92c5b4a46a74119902364c7957a38138e9c9bbd" logic_hash = "ec187ba5aadc7b9395008155d4b6331b099b3ae9e3ab738568a9980b3d0ce448" 
@@ -214694,11 +214984,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Bsdefsys_Supportsstsfssteeatf description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Bs_Def.sys" author = "Florian Roth" id = "e4e1fc9a-b453-5996-8675-7accb0de023e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2160-L2182" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2160-L2182" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5f5e5f1c93d961985624768b7c676d488c7c7c1d4c043f6fc1ea1904fefb75be" hash = "3326e2d32bbabd69feb6024809afc56c7e39241ebe70a53728c77e80995422a5" hash = "0040153302b88bee27eb4f1eca6855039e1a057370f5e8c615724fa5215bada3" 
@@ -214727,11 +215017,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_F27F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - libnicm.sys" author = "Florian Roth" id = "73d525b8-d109-5872-8841-b1c5149f732e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2185-L2208" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2185-L2208" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f27febff1be9e89e48a9128e2121c7754d15f8a5b2e88c50102cecee5fe60229" hash = "8138b219a2b1be2b0be61e5338be470c18ad6975f11119aee3a771d4584ed750" hash = "e16dc51c51b2df88c474feb52ce884d152b3511094306a289623de69dedfdf48" 
@@ -214761,11 +215051,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_965D : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sfdrvx64.sys" author = "Florian Roth" id = "74533a7c-1b5b-5840-843c-455fc73c4e19" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2211-L2230" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2211-L2230" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "965d4f981b54669a96c5ab02d09bf0a9850d13862425b8981f1a9271350f28bb" logic_hash = "e5ba23bf3914d121647d6b7aef5ec81d9d62af56397e152fb39179349f1f6146" score = 40 
@@ -214791,11 +215081,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_5A66 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nscm.sys" author = "Florian Roth" id = "ba5a060c-e889-5f23-9938-7fbfceaae7af" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2233-L2256" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2233-L2256" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5a661e26cfe5d8dedf8c9644129039cfa40aebb448895187b96a8b7441d52aaa" hash = "fb81b5f8bf69637dbdf050181499088a67d24577587bc520de94b5ee8996240f" hash = "202d9703a5b8d06c5f92d2c5218a93431aa55af389007826a9bfaaf900812213" 
@@ -214825,11 +215115,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Microsoftcorporation_Cscsys_Microsoftwindowsoper description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - CSC.sys" author = "Florian Roth" id = "fe8cbb46-762f-55f2-ab40-aa3713e584e9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2259-L2278" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2259-L2278" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "828c54cfecb2a08863319544ac716aee3898dfe78a87d7757a0e92f1b1f1daf1" logic_hash = "4a445a267aabc209828669d8772ee38a5d9a9e8e88e389615a39279fea7a413f" score = 40 
@@ -214855,11 +215145,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Panyazilimbilisimteknolojileriticltdsti_Panioxsy description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - PanIOx64.sys" author = "Florian Roth" id = "c5eec4c9-0210-5e0e-b819-96a6943f270d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2281-L2300" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2281-L2300" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6b830ea0db6546a044c9900d3f335e7820c2a80e147b0751641899d1a5aa8f74" logic_hash = "d6d95fe0d738012ca0643f478c59accd2d1e47742a502f5fea65040e59e9f42a" score = 40 
@@ -214885,11 +215175,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_82FB : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "db7c877e-4b76-5b66-8a4f-a33cb7c76d5a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2303-L2322" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2303-L2322" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "82fbcb371d53b8a76a25fbbafaae31147c0d1f6b9f26b3ea45262c2267386989" logic_hash = "38df982e74818094d0aa508b6b0ad94b885e6554760b4678de833fcc86e8bb13" score = 40 
@@ -214915,11 +215205,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Entechtaiwan_Seasys_Softenginex_6CB5 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Se64a.sys" author = "Florian Roth" id = "c6298a6f-761c-5e78-b97c-9713b29b0e00" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2325-L2344" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2325-L2344" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6cb51ae871fbd5d07c5aad6ff8eea43d34063089528603ca9ceb8b4f52f68ddc" logic_hash = "aa425e95a0b920bf68c0221d8fb1cc16f00755b626f496b758cf50d26949c27b" score = 40 
@@ -214945,11 +215235,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "87caf882-a59a-55ca-89ce-a2c2115a1e50" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2347-L2366" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2347-L2366" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0b542e47248611a1895018ec4f4033ea53464f259c74eb014d018b19ad818917" logic_hash = "264c22a6b54b47962561ea3d8400aab606dd2d28f5d288ba4777ff2ca290c38e" score = 40 
@@ -214975,11 +215265,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_F159 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rzpnk.sys" author = "Florian Roth" id = "8b50ddd6-40b2-5d3e-b9b9-c166e241e611" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2369-L2391" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2369-L2391" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f15962354d37089884abba417f58e9dbd521569b4f69037a24a37cfc2a490672" hash = "9fa120bda98633e30480d8475c9ac6637470c4ca7c63763560bf869138091b01" hash = "0b547368c03e0a584ae3c5e62af3728426c68b316a15f3290316844d193ad182" 
@@ -215008,11 +215298,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_1273 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "323e0a63-c74c-5d9c-b3af-c64d2bceb724" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2394-L2413" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2394-L2413" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1273b74c3c1553eaa92e844fbd51f716356cc19cf77c2c780d4899ec7738fbd1" logic_hash = "1bf31b51302ade1b65e6c24a0dfcc6e144a2f0104e687cef4a14e6307c27c9e1" score = 40 
@@ -215038,11 +215328,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3854 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "2c945052-bb7b-52be-9c11-18eedac5a28e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2416-L2436" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2416-L2436" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "385485e643aa611e97ceae6590c6a8c47155886123dbb9de1e704d0d1624d039" hash = "b773511fdb2e370dec042530910a905472fcc2558eb108b246fd3200171b04d3" logic_hash = "0cdfef6284465ea9f5509cb4e0ad6efb531d60150fb355a388f8152b322e3da9" 
@@ -215063,17 +215353,47 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3854 : FI condition: uint16( 0 ) == 0x5a4d and filesize < 500KB and all of them } +rule LOLDRIVERS_PUA_VULN_Driver_Nseccoltd_Nseckrnl_Nsec_206F : FILE +{ + meta: + description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NSecKrnl.sys" + author = "Florian Roth" + id = "019ff02e-00fc-5d1b-ba49-a4b9a7fc7c01" + date = "2025-09-18" + modified = "2025-09-18" + reference = "https://github.com/magicsword-io/LOLDrivers" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2439-L2458" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" + hash = "206f27ae820783b7755bca89f83a0fe096dbb510018dd65b63fc80bd20c03261" + logic_hash = "76956ec0d433550fa5a988a5adf58cfc0b2e47ca87dc203a1a6c507744f53ee0" + score = 40 + quality = 80 + tags = "FILE" + + strings: + $ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]004e005300650063004b0072006e006c } + $ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]004e00530045004300200043006f002e002c004c00740064 } + $ = { 00460069006c006500560065007200730069006f006e[1-8]0033002e0037002e00340030002e0035003300310034 } + $ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0033002e0037002e00340030002e0035003300310034 } + $ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]004e005300650063004b0072006e006c } + $ = { 00500072006f0064007500630074004e0061006d0065[1-8]004e005300450043 } + $ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]004e005300650063004b0072006e006c } + $ = { 
004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f00700079007200690067006800740020002800430029002000320030003200300020004e005300450043002e00200041006c006c0020005200690067006800740073002000520065007300650072007600650064002e } + + condition: + uint16( 0 ) == 0x5a4d and filesize < 100KB and all of them +} rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Aoddriversys_Amdoverdriveservicedriver_3C11 : FILE { meta: description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AODDriver.sys" author = "Florian Roth" id = "64eea295-1181-5364-a30a-3ee0e329a04d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2439-L2460" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2461-L2482" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3c11dec1571253594d64619d8efc8c0212897be84a75a8646c578e665f58bf5d" hash = "5a0b10a9e662a0b0eeb951ffd2a82cc71d30939a78daebd26b3f58bb24351ac9" hash = "7a1105548bfc4b0a1b7b891cde0356d39b6633975cbcd0f2e2d8e31b3646d2ca" 
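Review bot: the new `LOLDRIVERS_PUA_VULN_Driver_Nseccoltd_Nseckrnl_Nsec_206F` rule uses `filesize < 100KB` while every neighbouring rule in this file uses `filesize < 500KB`; that fits a strict single-sample rule (the `FileVersion`/`ProductVersion` strings pin 3.7.40.5314 and `LegalCopyright` pins the 2020 copyright line, with one `hash`), but please confirm the bound leaves headroom over the sample's actual size, since `all of them` across eight VersionInfo strings already makes the rule specific and an unnecessarily tight size cap only adds a way to miss. The `source_url` bookkeeping in this and the following hunks checks out: the new rule is cited at L2439-L2458 and each subsequent rule shifts by 22 lines (AODDriver from L2439-L2460 to L2461-L2482, cpuz from L2463-L2482 to L2485-L2504).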
@@ -215101,11 +215421,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrcodenamelonghornddkprovider_Cpuzsys_Wind description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "d7e481c0-695e-5536-8b06-b66d0f711f86" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2463-L2482" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2485-L2504" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "eaa5dae373553024d7294105e4e07d996f3a8bd47c770cdf8df79bf57619a8cd" logic_hash = "9149c106ff7ea0326b9e010ef7ae32c25f57c3b9b2e738f4915eda205a512888" score = 40 
@@ -215131,11 +215451,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_8FE9 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "45ac5fe9-25e2-5ee9-a410-95d19ec75e33" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2485-L2501" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2507-L2523" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8fe9828bea83adc8b1429394db7a556a17f79846ad0bfb7f242084a5c96edf2a" logic_hash = "f293cb0a8bbc710428a7a4ae582f9d6ed60954afeb84efe8b74da38ff41732c1" score = 40 
@@ -215158,11 +215478,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrcodenamelonghornddkprovider_Cpuzsys_Wind description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "6fa00211-cb55-5870-92ec-18a6e2c7eb89" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2504-L2531" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2526-L2553" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "49329fa09f584d1960b09c1b15df18c0bc1c4fdb90bf48b6b5703e872040b668" hash = "84c5f6ddd9c90de873236205b59921caabb57ac6f7a506abbe2ce188833bbe51" hash = "8e92aacd60fca1f09b7257e62caf0692794f5d741c5d1eec89d841e87f2c359c" 
@@ -215196,11 +215516,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_3D9E : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "023a5c66-aae0-5583-95aa-0a62f3f27352" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2534-L2553" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2556-L2575" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3d9e83b189fcf5c3541c62d1f54a0da0a4e5b62c3243d2989afc46644056c8e3" logic_hash = "fdb944988945780b774d73f3d729d2468b0c9006aca100fa8bbf913a9c5402c6" score = 40 
@@ -215226,11 +215546,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Logitech_Lgcoretempsys_Lgcoretemp_E0CB : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - LgCoreTemp.sys" author = "Florian Roth" id = "148a795b-926c-50eb-8da4-bbf8d1ceb3bb" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2556-L2575" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2578-L2597" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e0cb07a0624ddfacaa882af49e3783ae02c9fbd0ab232541a05a95b4a8abd8ef" logic_hash = "f3162a80eb6ab357766aaafbf62aec608291873980c81c6d21d835bc349cda76" score = 40 
@@ -215256,11 +215576,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Stdcdrvsys_Selftestdatacollecto description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - stdcdrv64.sys" author = "Florian Roth" id = "e9509179-09c1-58e7-a08c-ceffd1c6c05c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2578-L2597" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2600-L2619" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "37022838c4327e2a5805e8479330d8ff6f8cd3495079905e867811906c98ea20" logic_hash = "dfc77d3461c57240baea160b35e9174aa370fc533d08a9331dd8ce53a0048ad4" score = 40 
@@ -215286,11 +215606,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_2BBE : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "fbe65027-5e7a-5944-bd8a-c0673cd165a1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2600-L2620" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2622-L2642" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2bbe65cbec3bb069e92233924f7ee1f95ffa16173fceb932c34f68d862781250" hash = "e68d453d333854787f8470c8baef3e0d082f26df5aa19c0493898bcf3401e39a" logic_hash = "23365c52fd3ce5d9c113c0779072b82325632c75f27cbfde9037b7ffc543a209" 
@@ -215317,11 +215637,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gigabytesoftware description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - gdrv.sys" author = "Florian Roth" id = "89160c3c-ff81-5425-a205-09be7fd5a412" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2623-L2643" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2645-L2665" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "092d04284fdeb6762e65e6ac5b813920d6c69a5e99d110769c5c1a78e11c5ba0" hash = "0ce40a2cdd3f45c7632b858e8089ddfdd12d9acb286f2015a4b1b0c0346a572c" logic_hash = "771400b6e3f2d216fd38db681bf78fbc4e764a45ff9e11d2e33b62f93ac4a8e2" 
@@ -215348,11 +215668,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrddkprovider_Rtportsys_Windowsrddkprovide description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtport.sys" author = "Florian Roth" id = "41080479-633a-5f9b-88c9-fba696c3205a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2646-L2665" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2668-L2687" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3c0a36990f7eef89b2d5f454b6452b6df1304609903f31f475502e4050241dd8" logic_hash = "0460def7e251adf398560c0f05cac2d161951339eb2bcc2b2f4840edbd0d6991" score = 40 
@@ -215378,11 +215698,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_5FAE : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ngiodriver.sys" author = "Florian Roth" id = "f80d2c53-58e9-5e76-94fc-9a86ea80cfc9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2668-L2687" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2690-L2709" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5fae7e491b0d919f0b551e15e0942ac7772f2889722684aea32cff369e975879" logic_hash = "7dfbd2e11b8a37a8b276a2279f19f57064f3d561cf2555680c71679206ec1452" score = 40 
@@ -215408,11 +215728,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Vboxusbmonsys_Virtualboxusbmonitordr description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxUSBMon.sys" author = "Florian Roth" id = "b765649a-a926-50cd-9772-86ed7538dd2e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2690-L2709" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2712-L2731" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3d055be2671e136c937f361cef905e295ddb6983526341f1d5f80a16b7655b40" logic_hash = "ca021b6b3c733e75d33996652ca9602541e4c9eb9e74f2a995d1b2c2989ca68b" score = 40 
@@ -215438,11 +215758,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_1A45 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ngiodriver.sys" author = "Florian Roth" id = "a9aae6dc-3328-5541-a437-509b5ac81261" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2712-L2731" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2734-L2753" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1a450ae0c9258ab0ae64f126f876b5feed63498db729ec61d06ed280e6c46f67" logic_hash = "51f72d08bd6f0b0e683a9af729e16e08e8d652d9ea5f43872aa402ec3da65cfe" score = 40 
@@ -215468,11 +215788,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_62F5 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "e66960f5-d39e-5b0b-b573-77ffeb276925" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2734-L2754" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2756-L2776" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "62f5e13b2edc00128716cb93e6a9eddffea67ce83d2bb426f18f5be08ead89e0" hash = "ee3ff12943ced401e2b6df9e66e8a0be8e449fa9326cab241f471b2d8ffefdd7" logic_hash = "13b9c0f468e8ce5a9ff8938879d6d22a56c0d7e01b3a72969ecff55954a07b89" 
@@ -215499,11 +215819,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Yyinc_Dianhu_80CB : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Dh_Kernel_10.sys" author = "Florian Roth" id = "166a402d-9679-54b8-9703-3e3b2b001236" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2757-L2775" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2779-L2797" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "80cbba9f404df3e642f22c476664d63d7c229d45d34f5cd0e19c65eb41becec3" hash = "bb50818a07b0eb1bd317467139b7eb4bad6cd89053fecdabfeae111689825955" logic_hash = "fb1f5f8687f1673585ee2652b9dde20ae925ee33d527d2052707b2370a5df1fc" 
@@ -215528,11 +215848,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_8F68 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "6a773b61-ac40-5cdd-ad93-0b16061587f7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2778-L2800" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2800-L2822" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8f68ca89910ebe9da3d02ec82d935de1814d79c44f36cd30ea02fa49ae488f00" hash = "7227377a47204f8e2ff167eee54b4b3545c0a19e3727f0ec59974e1a904f4a96" hash = "c8eaa5e6d3230b93c126d2d58e32409e4aeeb23ccf0dd047a17f1ef552f92fe9" 
@@ -215561,11 +215881,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_A5A5 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "b68851b2-66b6-5b8a-9aaa-918a34934a92" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2803-L2822" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2825-L2844" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a5a50449e2cc4d0dbc80496f757935ae38bf8a1bebdd6555a3495d8c219df2ad" logic_hash = "38048706f3e5bd4248779dc8890d14a31daafa177c51953c31f2e7a81c6871a0" score = 40 
@@ -215591,11 +215911,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Wnbiossys_Windowsrwinddkd description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - wnbios.sys" author = "Florian Roth" id = "98c36c7b-603b-5fe4-8774-7ea9ecf84ef9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2825-L2844" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2847-L2866" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "530d9223ec7e4123532a403abef96dfd1af5291eb49497392ff5d14d18fccfbb" logic_hash = "73e496811ab4097aa8311e510fa913a10691a00e314944d509df05084d373379" score = 40 
@@ -215621,11 +215941,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytes_Elbycdio_Cdrtools_98EC : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "67443d8d-b463-51f0-96fa-8ed06833286f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2847-L2866" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2869-L2888" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "98ec7cc994d26699f5d26103a0aeb361128cff3c2c4d624fc99126540e23e97e" logic_hash = "27e4fb74a63ee1fe3b3bcf97e2ed01b02d05339cce2f18c2f010577d80dbb243" score = 40 
@@ -215651,11 +215971,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_591B : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "b4f581f6-66e5-5b85-9b2d-b1532dd2defe" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2869-L2888" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2891-L2910" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "591bd5e92dfa0117b3daa29750e73e2db25baa717c31217539d30ffb1f7f3a52" logic_hash = "471fab20146586dacf37b9bb3f43ee578339c73f204487556987803d12a64f95" score = 40 
@@ -215681,11 +216001,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Openlibsysorg_Winringsys_Winring_47EA : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WinRing0.sys, WinRing0x64" author = "Florian Roth" id = "b14e5697-a0f7-5af0-a0da-0f5ca2d88c1c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2891-L2911" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2913-L2933" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "47eaebc920ccf99e09fc9924feb6b19b8a28589f52783327067c9b09754b5e84" hash = "3ec5ad51e6879464dfbccb9f4ed76c6325056a42548d5994ba869da9c4c039a8" logic_hash = "e6bea09a04b7f043d9a8cef4c8dc3e2f087fdf1a981f6d23dee728ea6d15d792" 
@@ -215712,11 +216032,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftwarecorp_Segwindrvxsys_Segwindowsdrive description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - segwindrvx64.sys" author = "Florian Roth" id = "b9a6e1e6-1bc5-587f-a31f-8dc55568ad9e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2914-L2933" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2936-L2955" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "65329dad28e92f4bcc64de15c552b6ef424494028b18875b7dba840053bc0cdd" logic_hash = "b4f90f50b2e90fd8dc57778ba8f650ed201fe2f11f145e981d13021f87746d1f" score = 40 
@@ -215742,11 +216062,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AMDRyzenMasterDriver.sys" author = "Florian Roth" id = "8dcbf930-ae97-5389-9b68-793dc82b042b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2936-L2955" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2958-L2977" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "909de5f21837ea2b13fdc4e5763589e6bdedb903f7c04e1d0b08776639774880" logic_hash = "669972137fad6a5cc701ea56cf8ae85e08d2131f026e8cf1bd5c85ca1754d3cb" score = 40 
@@ -215772,11 +216092,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Atitechnologiesinc_Atillksys_Atidiagnostics_AD40 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - atillk64.sys" author = "Florian Roth" id = "f5e53c71-1c12-5df8-a2cc-563473190c87" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2958-L2982" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L2980-L3004" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ad40e6d0f77c0e579fb87c5106bf6de3d1a9f30ee2fbf8c9c011f377fa05f173" hash = "6c6c5e35accc37c928d721c800476ccf4c4b5b06a1b0906dc5ff4df71ff50943" hash = "38bb9751a3a1f072d518afe6921a66ee6d5cf6d25bc50af49e1925f20d75d4d7" 
@@ -215807,11 +216127,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Computerzsys_Ludashisystemdriver_E502 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "b0f9239b-2acb-5164-8b21-791f69d4e047" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L2985-L3007" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3007-L3029" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e502c2736825ea0380dd42effaa48105a201d4146e79de00713b8d3aaa98cd65" hash = "5c80dc051c4b0c62b9284211f71e5567c0c0187e466591eacb93e7dc10e4b9ab" hash = "d6801e845d380c809d0da8c7a5d3cd2faa382875ae72f5f7af667a34df25fbf7" 
@@ -215840,11 +216160,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "6ee8fb67-896d-534f-9602-a0f46a43e5cd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3010-L3029" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3032-L3051" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0cd4ca335155062182608cad9ef5c8351a715bce92049719dd09c76422cd7b0c" logic_hash = "b0ef81e3a05326390a7d2f00499cf3aaf0610b03f3df2313d5a1f2dddff3555f" score = 40 
@@ -215870,11 +216190,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_3FA6 : F description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "25f27f08-3aab-5b8f-bf59-37a40de4fb44" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3032-L3051" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3054-L3073" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3fa6379951f08ed3cb87eeba9cf0c5f5e1d0317dcfcf003b810df9d795eeb73e" logic_hash = "c1d75b4073f212403f3e7b50cd8c1ea2a8a979bca7cf2dd4cd05bfca03d49c48" score = 40 
@@ -215900,11 +216220,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3E1D : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "d8d61d0b-d859-5e7e-9ef6-b232ab499560" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3054-L3073" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3076-L3095" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3e1d47a497babbfd1c83905777b517ec87c65742bee7eb57a2273eca825d2272" logic_hash = "29f4dbbd8dd749a9ccf94cd59010c8c8b63ce1d33c93f05b1f24b1e6a216aff6" score = 40 
@@ -215930,11 +216250,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "a9926e8c-f504-5926-8be0-e4e9ccf3b971" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3076-L3095" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3098-L3117" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6fb5bc9c51f6872de116c7db8a2134461743908efc306373f6de59a0646c4f5d" logic_hash = "108670db45ff60bd5d31187755019cd7530f29da12d36c96be06880c23d5e7f9" score = 40 
@@ -215960,11 +216280,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_3B71 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - libnicm.sys" author = "Florian Roth" id = "da77918c-29d1-57f2-bf66-63f2759dc350" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3098-L3119" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3120-L3141" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3b7177e9a10c1392633c5f605600bb23c8629379f7f42957972374a05d4dc458" hash = "72b67b6b38f5e5447880447a55fead7f1de51ca37ae4a0c2b2f23a4cb7455f35" hash = "d04c72fd31e7d36b101ad30e119e14f6df9cbc7a761526da9b77f9e0b9888bc4" 
@@ -215992,11 +216312,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_0BD1 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sfdrvx32.sys" author = "Florian Roth" id = "6710f3a1-8cec-57be-a854-f848e693290a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3122-L3141" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3144-L3163" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0bd1523a68900b80ed1bccb967643525cca55d4ff4622d0128913690e6bb619e" logic_hash = "c5fa94fee1260b2c8f188c996ed4ce2095ad8c72fcf6a03b6985303209f17a3a" score = 40 
@@ -216022,11 +216342,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_1E94 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sfdrvx32.sys" author = "Florian Roth" id = "a869389f-4b07-5f15-8157-f8880a8c4bbf" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3144-L3163" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3166-L3185" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1e94d4e6d903e98f60c240dc841dcace5f9e8bbb0802e6648a49ab80c23318cb" logic_hash = "86cbd2762bb8bf050343f4e738216a33764997046a9b59bbb6a435afa2859f0e" score = 40 
@@ -216052,11 +216372,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Hpdevelopmentcompany_Etdsuppsys_Hpetdidriverdll_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - etdsupp.sys" author = "Florian Roth" id = "cfc5dca9-7ccc-590e-a79e-07f13cbbb080" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3166-L3185" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3188-L3207" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f744abb99c97d98e4cd08072a897107829d6d8481aee96c22443f626d00f4145" logic_hash = "9fcdfda30bb8fb16c5112c22b34be1c42f9ce1a32d21a7554ba0aff2a7696aa1" score = 40 
@@ -216082,11 +216402,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Netfiltersys_Windowsrwind description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - netfilter2.sys" author = "Florian Roth" id = "cca75a99-2482-54a2-8891-2cd23c8836e9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3188-L3214" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3210-L3236" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "db1dbb09d437d3e8bed08c88ca43769b4fe8728f68b78ff6f9c8d2557e28d2b1" hash = "5c54a5cd3386ac14725a07962562e9fdcefbb7be0d19803f9d71de24573de1e3" hash = "6703400b490b35bcde6e41ce1640920251855e6d94171170ae7ea22cdd0938c0" 
@@ -216119,11 +216439,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_4ED2 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "a9729999-5b31-5b09-bdd1-9d47e4227ab5" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3217-L3236" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3239-L3258" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4ed2d2c1b00e87b926fb58b4ea43d2db35e5912975f4400aa7bd9f8c239d08b7" logic_hash = "07981841e989bc762fbce94915e29595b1e6db881ed57064c03b126019538fca" score = 40 
@@ -216149,11 +216469,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Netfiltersys_1265 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - netfilter2.sys" author = "Florian Roth" id = "fde7c85f-96f3-536f-b0b5-0d12424c16a3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3239-L3260" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3261-L3282" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "12656fc113b178fa3e6bfffc6473897766c44120082483eb8059ebff29b5d2df" hash = "7ff8fe4c220cf6416984b70a7e272006a018e5662da3cedc2a88efeb6411b4a4" hash = "1cd75de5f54b799b60789696587b56a4a793cf60775b81f236f0e65189d863af" 
@@ -216181,11 +216501,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_1F81 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iQVW64.SYS" author = "Florian Roth" id = "9610cbd7-8521-54ea-a4db-c6d26048fb4b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3263-L3282" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3285-L3304" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1f8168036d636aad1680dd0f577ef9532dbb2dad3591d63e752b0ba3ee6fd501" logic_hash = "e5b9e4c1559e91b575933d2dd5574a6c374fe967256f65243122c22efbc666ce" score = 40 
@@ -216211,11 +216531,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Iobit_Iobitunlockersys_Iobitunlocker_C79A : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iobitunlocker.sys" author = "Florian Roth" id = "f81ad3f3-755f-546b-8246-2ee9dd885813" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3285-L3304" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3307-L3326" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c79a2bb050af6436b10b58ef04dbc7082df1513cec5934432004eb56fba05e66" logic_hash = "b711978610592c579a05d332b72c294a5b960a18033264d6a75b8b482dbe8903" score = 40 
@@ -216241,11 +216561,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_16B5 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "82c31b8b-46ae-5202-9ea5-d243063f8522" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3307-L3326" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3329-L3348" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "16b591cf5dc1e7282fdb25e45497fe3efc8095cbe31c05f6d97c5221a9a547e1" logic_hash = "57f379da59234cd2e83802180faecd15784a28fcd09f2eb0a5944f494972c9fc" score = 40 
@@ -216271,11 +216591,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Phoenixtechnologies_Agentsys_Driveragent_4045 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Agent64.sys" author = "Florian Roth" id = "41ccdc0b-ec41-51b3-9039-bf5206f9a79f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3329-L3353" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3351-L3375" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4045ae77859b1dbf13972451972eaaf6f3c97bea423e9e78f1c2f14330cd47ca" hash = "8cb62c5d41148de416014f80bd1fd033fd4d2bd504cb05b90eeb6992a382d58f" hash = "6948480954137987a0be626c24cf594390960242cd75f094cd6aaa5c2e7a54fa" 
@@ -216306,11 +216626,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_FA77 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "b092767e-5f04-59f9-b653-c4ab28860de0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3356-L3376" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3378-L3398" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "fa77a472e95c4d0a2271e5d7253a85af25c07719df26941b39082cfc0733071a" hash = "423f052690b6b523502931151dfcc63530e3bd9d79680f9b5ac033b23b5c6f18" logic_hash = "e59a975ce22fb83623ae84000e07bcc0f2060b7e16cfc3e2b538138246ef296a" 
@@ -216337,11 +216657,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_D0E2 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys" author = "Florian Roth" id = "1ee0136e-73bc-5b88-ae0b-74f3f53fe93f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3379-L3398" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3401-L3420" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d0e25b879d830e4f867b09d6540a664b6f88bad353cd14494c33b31a8091f605" logic_hash = "c265c6c89ea9bf09b9dcf47e1ce60f3531d76521a0ef1bbdc07d401a7b4164ed" score = 40 
@@ -216367,11 +216687,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Openlibsysorg_Openlibsyssys_Openlibsys_F060 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - OpenLibSys.sys" author = "Florian Roth" id = "b6ebdc92-1ca5-5f13-beef-d6adf037e732" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3401-L3420" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3423-L3442" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f0605dda1def240dc7e14efa73927d6c6d89988c01ea8647b671667b2b167008" logic_hash = "c73f19c87d63e9986e5f44a368f4b8305b7bff17ebdeb85f309751f54f76db48" score = 40 
@@ -216397,11 +216717,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_4AC0 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "8839157b-8e6c-5929-8041-443ecccbb688" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3423-L3442" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3445-L3464" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4ac08a6035cfcafdac712d7c3cf2eef6e10258f14cee6e80e1ef2f71f5045173" logic_hash = "b3a6dc1e2b7e806eb56133af99e995139dccddb2cba897f54144203ea3558f29" score = 40 
@@ -216427,11 +216747,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Rweverything_Rwdrvsys_Rweverythingreadwritedrive description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AsrIbDrv.sys" author = "Florian Roth" id = "f98969ca-e570-5f95-93d8-5b73fc3221fd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3445-L3469" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3467-L3491" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2a652de6b680d5ad92376ad323021850dab2c653abf06edf26120f7714b8e08a" hash = "3384f4a892f7aa72c43280ff682d85c8e3936f37a68d978d307a9461149192de" hash = "2470fd1b733314c9b0afa19fd39c5d19aa1b36db598b5ebbe93445caa545da5f" 
@@ -216462,11 +216782,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_5027 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "e46d3ca0-a605-503d-86ac-67ac7ac8c7cc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3472-L3491" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3494-L3513" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5027fce41ed60906a0e76b97c95c2a5a83d57a2d1cd42de232a21f26c0d58e48" logic_hash = "f2f0788448e15b372c67c310a411c9533fad7e03b24c24a1a1da7eeb595b6e75" score = 40 
@@ -216492,11 +216812,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "1c940da3-7e22-54eb-822b-8dad331e410e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3494-L3513" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3516-L3535" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2203bd4731a8fdc2a1c60e975fd79fd5985369e98a117df7ee43c528d3c85958" logic_hash = "30602a4c8f91277805e82cdcd5ccae77b22e77644baf59d9ab2235e575ed9f25" score = 40 
@@ -216522,11 +216842,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_442C : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "213d1f7e-f283-5551-a942-c7b5b12014e6" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3516-L3536" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3538-L3558" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "442c18aeb09556bb779b21185c4f7e152b892410429c123c86fc209a802bff3c" hash = "3e1f592533625bf794e0184485a4407782018718ae797103f9e968ff6f0973a1" logic_hash = "b44ece633deccb00cea884422a24053616bf92a71a7f0a0264102d548ce02bb7" 
@@ -216553,11 +216873,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_468B : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "e13ecd37-8ec8-5cc1-8a3a-c53fb10bf2dc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3539-L3559" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3561-L3581" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "468b087a0901d7bd971ab564b03ded48c508840b1f9e5d233a7916d1da6d9bd5" hash = "f93e0d776481c4ded177d5e4aebb27f30f0d47dcb4a1448aee8b66099ac686e1" logic_hash = "b286d189f5709b74d0da658841a1a626408db584696c467b07b4c341ec6d6748" 
@@ -216584,11 +216904,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "9d4595ab-29a2-5b71-b03b-9730db4eadca" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3562-L3581" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3584-L3603" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "19d0fc91b70d7a719f7a28b4ad929f114bf1de94a4c7cba5ad821285a4485da0" logic_hash = "0d4f44ece27db1def197e6353d59677915f7f58eb5ff4661d2b8e024eb07acb7" score = 40 
@@ -216614,11 +216934,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AMDRyzenMasterDriver.sys" author = "Florian Roth" id = "9dd62c3a-8f3c-5df0-a6a2-fcaa72c4ed16" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3584-L3603" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3606-L3625" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9b1ac756e35f795dd91adbc841e78db23cb7165280f8d4a01df663128b66d194" logic_hash = "fcef672d2e2c24f4b1323554ca206f3bd67657af96ad774056e5fd0181cc7ac7" score = 40 
@@ -216644,11 +216964,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Compalelectronicinc_011D : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TPwSav.sys" author = "Florian Roth" id = "c2cd7b4b-38cf-58ad-a9d8-b00bffafb7fe" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3606-L3621" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3628-L3643" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "011df46e94218cbb2f0b8da13ab3cec397246fdc63436e58b1bf597550a647f6" logic_hash = "4a35de89629834d30ab500e359299b2edbd7fa99c3bd4f89c452c1f80272e12b" score = 40 
@@ -216670,11 +216990,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Panyazilimbilisimteknolojileriticltdsti_Panmonfl description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - PanMonFlt.sys" author = "Florian Roth" id = "1d9363a1-e32e-5989-8777-6e530efa6a55" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3624-L3643" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3646-L3665" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7e0124fcc7c95fdc34408cf154cb41e654dade8b898c71ad587b2090b1da30d7" logic_hash = "6f9a951d64947f6930614206f10eb51a5f43566fdc6425821608e0f847818f75" score = 40 
@@ -216700,11 +217020,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "f939adf6-310c-5d8a-bfb5-4ebcbd6bccfe" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3646-L3666" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3668-L3688" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f4e500a9ac5991da5bf114fa80e66456a2cde3458a3d41c14e127ac09240c114" hash = "642857fc8d737e92db8771e46e8638a37d9743928c959ed056c15427c6197a54" logic_hash = "a787fd5e5b62f39a19222a8167382966dd707e2aba99f4c08ad839b221a17e75" 
@@ -216731,11 +217051,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Lenovogrouplimitedr_Lenovodiagnosticsdriversys_L description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - LenovoDiagnosticsDriver.sys" author = "Florian Roth" id = "791da32a-272c-5bde-9722-cc4c68321ad7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3669-L3688" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3691-L3710" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f05b1ee9e2f6ab704b8919d5071becbce6f9d0f9d0ba32a460c41d5272134abe" logic_hash = "22098d721c4814786834b3ea781283f53d195ba35f51fc8fd75b45f7781d39d4" score = 40 
@@ -216761,11 +217081,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_3F20 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - pchunter.sys" author = "Florian Roth" id = "ab0247c7-eb20-5481-9fed-f9608dd4cb93" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3691-L3707" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3713-L3729" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3f20ac5dac9171857fc5791865458fdb6eac4fab837d7eabc42cb0a83cb522fc" logic_hash = "6265acf1ebd52e5efe41774f35b3b01ede27f18c04975ac57afbd62b7d6d7600" score = 40 
@@ -216788,11 +217108,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Toshibacorporation_Nchgbiosxsys_Toshibabiospacka description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NCHGBIOS2x64.SYS" author = "Florian Roth" id = "f3c02bcb-2c9e-5319-a0ac-3773a81d68f6" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3710-L3729" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3732-L3751" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7d4ca5760b6ad2e4152080e115f040f9d42608d2c7d7f074a579f911d06c8cf8" logic_hash = "a724598247e27cca91bd76f60ebbad471d199ae290c8ec100bcf1efc02b74963" score = 40 
@@ -216818,11 +217138,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Dell_Dbutil_71FE : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - DBUtilDrv2.sys" author = "Florian Roth" id = "172e8e13-e1ff-5caf-9759-d607ef072215" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3732-L3748" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3754-L3770" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "71fe5af0f1564dc187eea8d59c0fbc897712afa07d18316d2080330ba17cf009" logic_hash = "dad7c23d78176f31a2a324998e3170a5096a50389ff83af590503fac69791890" score = 40 
@@ -216845,11 +217165,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_6D2C : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "3a685339-ca77-557e-ad5d-94943d9b3ee1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3751-L3771" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3773-L3793" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6d2cc7e1d95bb752d79613d0ea287ea48a63fb643dcb88c12b516055da56a11d" hash = "8047859a7a886bcf4e666494bd03a6be9ce18e20dc72df0e5b418d180efef250" logic_hash = "c2c74038259bec413bbacf0957449d1da5291b84c6f6848e5573ca50bbea006f" 
@@ -216876,11 +217196,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Atszio_Atsziodriver_673B : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ATSZIO.sys" author = "Florian Roth" id = "bcd5bc05-5e71-5491-be7d-94cdbebddd9f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3774-L3793" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3796-L3815" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "673bcec3d53fab5efd6e3bac25ac9d6cc51f6bbdf8336e38aade2713dc1ae11b" hash = "31d8fc6f5fb837d5eb29db828d13ba8ee11867d86a90b2c2483a578e1d0ec43a" logic_hash = "d3f753b1bd9dc99cece28a3da9a87e9d211207204f05f573f01391f2c1a08f07" 
@@ -216906,11 +217226,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asus_Asmmapsys_Atkgenericfunctionservice_025E : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - asmmap64.sys" author = "Florian Roth" id = "68572e19-5b92-57fb-b301-0224e00139cd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3796-L3815" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3818-L3837" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "025e7be9fcefd6a83f4471bba0c11f1c11bd5047047d26626da24ee9a419cdc4" logic_hash = "81100a6b0917bd9d6641c1f3db32353d1fe02b34feb5136c3f316f5deaa32f7d" score = 40 
@@ -216936,11 +217256,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_9724 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rzpnk.sys" author = "Florian Roth" id = "a0be3cf9-193d-5bee-ac83-a5701ad9e4e9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3818-L3840" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3840-L3862" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9724488ca2ba4c787640c49131f4d1daae5bd47d6b2e7e5f9e8918b1d6f655be" hash = "a66d2fb7ef7350ea74d4290c57fb62bc59c6ea93f759d4ca93c3febca7aeb512" hash = "e77786b21dbe73e9619ac9aac5e7e92989333d559aa22b4b65c97f0a42ff2e21" 
@@ -216969,11 +217289,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_7133 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "1d9df905-34d9-5503-b08d-ea4ff2cd826a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3843-L3862" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3865-L3884" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7133a461aeb03b4d69d43f3d26cd1a9e3ee01694e97a0645a3d8aa1a44c39129" logic_hash = "7abc5f0325fa8552b38499b061dd10f6a4cdb56ba1071446ce6ca91e42b8c9f7" score = 40 
@@ -216999,11 +217319,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Lgelectronicsinc_Lhasys_Microsoftwindowsoperatin description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - LHA.sys" author = "Florian Roth" id = "8af33121-526d-5f4c-8cde-6e427f36ad97" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3865-L3885" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3887-L3907" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "23ba19352b1e71a965260bf4d5120f0200709ee8657ed381043bec9a938a1ade" hash = "e75714f8e0ff45605f6fc7689a1a89c7dcd34aab66c6131c63fefaca584539cf" logic_hash = "fcc57907a8653acc1175b486f719f029ba3c982dbc73ab0cd878f08b2fcb0aad" 
@@ -217030,11 +217350,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elitegroupcomputersystems_Ecsiodriversys_Ecsiodr description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ecsiodriverx64.sys" author = "Florian Roth" id = "08f5ad86-8243-5591-9cc4-88bc0a0160fa" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3888-L3907" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3910-L3929" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "270547552060c6f4f5b2ebd57a636d5e71d5f8a9d4305c2b0fe5db0aa2f389cc" logic_hash = "899c58fe4793270c3e314e2c3f04c1341b6fefedba37d53200e5477f1108a5cf" score = 40 
@@ -217060,11 +217380,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_8D33 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "f7b27f03-ea78-5f2c-8b48-ea62c495cb89" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3910-L3930" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3932-L3952" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8d3347c93dff62eecdde22ccc6ba3ce8c0446874738488527ea76d0645341409" hash = "31ffc8218a52c3276bece1e5bac7fcb638dca0bc95c2d385511958abdbe4e4a5" logic_hash = "9868c2b401562623484d7bc00700332a754380b25b05cb95f38a8b242e7f59fa" 
@@ -217091,11 +217411,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Computerzsys_Ludashisystemdriver_C586 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "a407037f-0b6e-56a9-9562-592a2e0954c7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3933-L3953" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3955-L3975" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c586befc3fd561fcbf1cf706214ae2adaa43ce9ba760efd548d581f60deafc65" hash = "dda2a604bb94a274e23f0005f0aa330d45ca1ea25111746fb46fa5ef6d155b1d" logic_hash = "761661cb4ab100aad58ca83f20dd3eb25173bb6c987a7643ca93b91e90f25409" 
@@ -217122,11 +217442,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Logmeininc_Lmiinfosys_Logmein_453B : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - LMIinfo.sys" author = "Florian Roth" id = "50e671ec-752c-5494-97bc-bd29cd7452f1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3956-L3975" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L3978-L3997" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "453be8f63cc6b116e2049659e081d896491cf1a426e3d5f029f98146a3f44233" logic_hash = "1940aec392f250b22b8480d7b75f0c1a21c7bad13c0e83a4eb6065b3d045e4cd" score = 40 
@@ -217152,11 +217472,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_76AF : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "f89b7e66-c5d6-576b-8487-1530a3e37121" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L3978-L3997" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4000-L4019" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "76af3f9fa111d694e37058606f2636430bdd378c85b94f426fbfcd6666ebe6cc" logic_hash = "d4031de065552af6807677430ee6aa17fb754052f6fdeb147db0105bd235acd8" score = 40 
@@ -217176,17 +217496,48 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_76AF : FIL condition: uint16( 0 ) == 0x5a4d and filesize < 100KB and all of them } +rule LOLDRIVERS_PUA_VULN_Driver_Watchdogdevelopmentcomllc_Wamsdksys_Wamsdk_0BE8 : FILE +{ + meta: + description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - wamsdk.sys" + author = "Florian Roth" + id = "ccaaecbb-8357-5419-994f-f87090c84fa5" + date = "2025-09-18" + modified = "2025-09-18" + reference = "https://github.com/magicsword-io/LOLDrivers" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4022-L4042" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" + hash = "0be8483c2ea42f1ce4c90e84ac474a4e7017bc6d682e06f96dc1e31922a07b10" + hash = "5af1dae21425dda8311a2044209c308525135e1733eeff5dd20649946c6e054c" + logic_hash = "6a8fa2947c478ef290eabd8a19aabb9c74823ebdc4a314e9629edad20c56984f" + score = 40 + quality = 80 + tags = "FILE" + + strings: + $ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005700610074006300680044006f006700200041006e00740069006d0061006c00770061007200650020004400720069007600650072 } + $ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005700610074006300680044006f00670044006500760065006c006f0070006d0065006e0074002e0063006f006d002c0020004c004c0043002e } + $ = { 00460069006c006500560065007200730069006f006e[1-8]0031002e0031002e003100300030 } + $ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002e0031002e003100300030 } + $ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]00770061006d00730064006b002e007300790073 } + $ = { 00500072006f0064007500630074004e0061006d0065[1-8]00770061006d00730064006b } + $ = { 
004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]00770061006d00730064006b002e007300790073 } + $ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000320035 } + + condition: + uint16( 0 ) == 0x5a4d and filesize < 200KB and all of them +} rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_1284 : FILE { meta: description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sandra.sys" author = "Florian Roth" id = "673660ad-6d19-5b50-b467-ea6a5a00fa76" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4000-L4019" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4045-L4064" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1284a1462a5270833ec7719f768cdb381e7d0a9c475041f9f3c74fa8eea83590" logic_hash = "2453f457e43fd2dade465a33189f8ae41ca5ebd16d9a9c42d8edaf22ca990916" score = 40 
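Review bot: The eight anonymous hex strings in the new LOLDRIVERS_PUA_VULN_Driver_Watchdogdevelopmentcomllc_Wamsdksys_Wamsdk_0BE8 rule are UTF-16 VersionInfo key/value pairs with no comment saying what they encode, which makes the rule hard to review or maintain without decoding each one by hand; add a trailing comment per string naming the field and value (the first decodes to `FileDescription` / `WatchDog Antimalware Driver`, the second to `CompanyName` / `WatchDogDevelopment.com, LLC.`, the fifth and seventh to `InternalName` and `OriginalFilename` / `wamsdk.sys`, the last to `LegalCopyright` / `Copyright (C) 2025`), so a reviewer can confirm they agree with the `wamsdk.sys` named in `description`. Two things to check before merging: the condition uses `filesize < 200KB` where the neighbouring rules use `< 100KB`, so confirm the bound was derived from the two listed hashes rather than copied; and with `all of them` the `LegalCopyright` year string means a rebuilt driver carrying a later copyright year will not match, which is the intended strictness of this file but is worth stating in a comment next to that string.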
@@ -217212,11 +217563,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Rweverything_Asrsetupdrvsys_Asrsetupdrvdriver_9D description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AsrSetupDrv103.sys" author = "Florian Roth" id = "cfb5259e-deef-57db-ab34-fa909845043c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4022-L4042" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4067-L4087" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9d9346e6f46f831e263385a9bd32428e01919cca26a035bbb8e9cb00bf410bc3" hash = "a0728184caead84f2e88777d833765f2d8af6a20aad77b426e07e76ef91f5c3f" logic_hash = "875be865b5c6a924c48aada4c97ae39552a9944d9efb4e419dd754ce3f7ec217" 
@@ -217243,11 +217594,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftwarecorp_Segwindrvxsys_Segwindowsdrive description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - segwindrvx64.sys" author = "Florian Roth" id = "35330a4b-841a-5e61-b8c1-5e02f61ec021" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4045-L4066" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4090-L4111" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c628cda1ef43defc00af45b79949675a8422490d32b080b3a8bb9434242bdbf2" hash = "7164aaff86b3b7c588fc7ae7839cc09c5c8c6ae29d1aff5325adaf5bedd7c9f5" hash = "0d30c6c4fa0216d0637b4049142bc275814fd674859373bd4af520ce173a1c75" 
@@ -217275,11 +217626,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantim description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Tmel.sys" author = "Florian Roth" id = "f5251fdb-8e6e-5ea7-abdd-3a85dfbda449" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4069-L4088" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4114-L4133" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d0eb3ba0aff471d19260192784bf9f056d669b779b6eaff84e732b7124ce1d11" logic_hash = "434964576b56367bc1ef4a198b6d6315c00c3fea0af9f1e0f08da6b7bd2cd0d1" score = 40 
@@ -217305,11 +217656,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Getactechnologycorporation_Mtcbsvsys_Getacsystem description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - GtcKmdfBs.sys" author = "Florian Roth" id = "242dd7a2-f959-5394-aa81-9984a80fe634" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4091-L4111" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4136-L4156" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "edbb23e74562e98b849e5d0eefde3af056ec6e272802a04b61bebd12395754e5" hash = "4b465faf013929edf2f605c8cd1ac7a278ddc9a536c4c34096965e6852cbfb51" logic_hash = "0a729463c077e67113c7aeb1347b6ff2374fa8e4e5524b05c0a5ed2194b605b6" 
@@ -217336,11 +217687,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_2FBB : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "a688139a-c44f-5a93-933d-73369facec6c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4114-L4133" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4159-L4178" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2fbbc276737047cb9b3ba5396756d28c1737342d89dce1b64c23a9c4513ae445" logic_hash = "b25969777810ff75d8cc35ae042a58e35f268c09aaa6f7fd6e10b1a1741898b4" score = 40 
@@ -217366,11 +217717,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "25dd8cda-6aa3-595c-8502-cc83e04b8235" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4136-L4155" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4181-L4200" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "bced04bdefad6a08c763265d6993f07aa2feb57d33ed057f162a947cf0e6668f" logic_hash = "21a234179b5f2ae97262100f990587238339777bf919f8a9f04e84e64c77fb1d" score = 40 
@@ -217396,11 +217747,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiowxsys_Realtekiodriver_082C : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "48446c71-f353-5f4f-a158-20bc7dec694f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4158-L4177" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4203-L4222" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "082c39fe2e3217004206535e271ebd45c11eb072efde4cc9885b25ba5c39f91d" logic_hash = "805a4da51dd1a85c46b830b747ed15f5cfb7539b42fd598987d3cd879d93cc97" score = 40 
@@ -217426,11 +217777,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_1493 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nscm.sys" author = "Florian Roth" id = "f1b0bccc-950b-5039-b181-fe4cee4e84b1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4180-L4203" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4225-L4248" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "14938f68957ede6e2b742a550042119a8fbc9f14427fb89fa53fff12d243561c" hash = "28999af32b55ddb7dcfc26376a244aa2fe297233ce7abe4919a1aef2f7e2cee7" hash = "41eeeb0472c7e9c3a7146a2133341cd74dd3f8b5064c9dee2c70e5daa060954f" 
@@ -217460,11 +217811,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Powertool_Kevpsys_Powertool_7C0F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - kEvP64.sys" author = "Florian Roth" id = "b4eb0239-e787-50d8-bac9-78178e245bb8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4206-L4233" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4251-L4278" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7c0f77d103015fc29379ba75d133dc3450d557b0ba1f7495c6b43447abdae230" hash = "d9500af86bf129d06b47bcfbc4b23fcc724cfbd2af58b03cdb13b26f8f50d65e" hash = "2a4f4400402cdc475d39389645ca825bb0e775c3ecb7c527e30c5be44e24af7d" 
@@ -217498,11 +217849,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_D1F4 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iQVW64.SYS" author = "Florian Roth" id = "c1e8abd1-14c1-5ddd-87cb-647dfcc652fd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4236-L4255" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4281-L4300" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d1f4949f76d8ac9f2fa844d16b1b45fb1375d149d46e414e4a4c9424dc66c91f" logic_hash = "8152947116f7cb31e716db449c855255c30f5034d065e8287cf480157274ba9b" score = 40 
@@ -217528,11 +217879,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_BC45 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "1abef091-37a1-53ee-9de8-c59a79b3775f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4258-L4278" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4303-L4323" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "bc453d428fc224960fa8cbbaf90c86ce9b4c8c30916ad56e525ab19b6516424e" hash = "182bbdb9ecd3932e0f0c986b779c2b2b3997a7ca9375caa2ec59b4b08f4e9714" logic_hash = "283d6d71ba7ace25c248949d232d2ce0c86fa87115304b8d6c07e7564e6757a3" 
@@ -217559,11 +217910,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_7CB4 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iQVW64.SYS" author = "Florian Roth" id = "b578c798-3923-51b7-80c7-b4e123dc8747" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4281-L4300" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4326-L4345" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7cb497abc44aad09a38160d6a071db499e05ff5871802ccc45d565d242026ee7" logic_hash = "bec5e91150c9c0760c91f8a2b4b83867af030ede236c8596c3558e0f8fca1004" score = 40 
@@ -217589,11 +217940,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Safenetinc_Hostnt_Hostnt_07B6 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HOSTNT.sys" author = "Florian Roth" id = "a1210220-529b-5103-888f-aaa707040eee" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4303-L4322" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4348-L4367" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "07b6d69bafcfd767f1b63a490a8843c3bb1f8e1bbea56176109b5743c8f7d357" logic_hash = "b07f335b6941ef2095903cb8841358bff6b09518a96512d69fdf90bf328888e7" score = 40 
@@ -217619,11 +217970,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Psmounterexsys_Psmountere description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - psmounterex.sys" author = "Florian Roth" id = "7e8edeab-8c3f-5a8f-a586-0423505402a8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4325-L4344" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4370-L4389" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4e99d454a56845bb0e622cfd68b895b7868ef7e8a43424e5b7b803f5a2d25eca" logic_hash = "0855dedb2b2ed9e33c64d73a44578696279e83b975ea287f4e9c6e8cd690ca1c" score = 40 
@@ -217649,11 +218000,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Rivetnetworksllc_Kfecodrvsys_Killertrafficcontro description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - KfeCo11X64.sys" author = "Florian Roth" id = "a8c05c92-a133-5f8f-bc4e-ff7e21f262e0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4347-L4366" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4392-L4411" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9a91d6e83b8fdec536580f6617f10dfc64eedf14ead29a6a644eb154426622ba" logic_hash = "29ba3734f177a3ca166a3c02d066da4b9e4cbd146724f037ac82e3ced1d7951e" score = 40 
@@ -217679,11 +218030,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "efe27764-9166-5ed5-8d08-1944e9fead43" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4369-L4388" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4414-L4433" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "848b150ffcf1301b26634a41f28deacb5ccdd3117d79b590d515ed49849b8891" logic_hash = "e56d5221962e4fe353c0e37cc3bbebf68d785d86f49269d7e6d935ef6cff6f38" score = 40 
@@ -217709,11 +218060,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_7CB5 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "4af76d57-3f28-5d80-b72a-796f65942488" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4391-L4408" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4436-L4453" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7cb594af6a3655daebc9fad9c8abf2417b00ba31dcd118707824e5316fc0cc21" logic_hash = "df3e79bf8db29cb712ac4fe3670954a0793d7d839f3368ad52e5f826afd18b7f" score = 40 
@@ -217737,11 +218088,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asrockincorporation_Asrautochkupddrvsys_Asrautoc description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AsrAutoChkUpdDrv.sys" author = "Florian Roth" id = "78768248-afa1-5e3c-a9cd-c9ab73ea4f74" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4411-L4430" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4456-L4475" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2aa1b08f47fbb1e2bd2e4a492f5d616968e703e1359a921f62b38b8e4662f0c4" logic_hash = "87c0e6a3d0ff8f88e8f190c6b643adde45dc7d4c2aa73b79ba0f38a13bd86f1c" score = 40 
@@ -217767,11 +218118,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_97B3 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "ef15eec0-caf8-58e9-9c63-cfee3275253d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4433-L4453" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4478-L4498" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "97b32ddf83f75637e3ba934df117081dd6a1c57d47a4c9700d35e736da11d5bd" hash = "89108a15f009b285db4ef94250b889d5b11b96b4aa7b190784a6d1396e893e10" logic_hash = "800b43309abd2921378c28cace1ccfb2f7d3420c0f7059c9cbd7422095cbba43" 
@@ -217798,11 +218149,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_0EAB : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sandra.sys" author = "Florian Roth" id = "ca020c04-c1b4-5496-bbac-beb1ea4537aa" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4456-L4475" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4501-L4520" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0eab16c7f54b61620277977f8c332737081a46bc6bbde50742b6904bdd54f502" logic_hash = "a4b1e73c5706e29fc31722f82bdf03c705a03821feb22da48c8c5d0d0f7f2dbb" score = 40 
@@ -217828,11 +218179,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_8EF5 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "ccd6832d-72d2-599d-9eba-7616e59120e2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4478-L4497" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4523-L4542" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8ef59605ebb2cb259f19aba1a8c122629c224c58e603f270eaa72f516277620c" logic_hash = "d0b94553fb03576dea69fd13042db119825009c0a90ba111560102fed8bb3154" score = 40 
@@ -217858,11 +218209,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_1F15 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "f24de207-322f-596a-94c0-ec3ef3f2b907" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4500-L4519" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4545-L4564" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1f15fd9b81092a98fabcc4ac95e45cec2d9ff3874d2e3faac482f3e86edad441" logic_hash = "5eebc2d90e6d17134c100e4f04271f4e1f6546a6c74ef4737e60ec76d4fa8227" score = 40 
@@ -217888,11 +218239,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftwarecorp_Segwindrvxsys_Segwindowsdrive description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - segwindrvx64.sys" author = "Florian Roth" id = "2cd9eb8f-25c1-5bd2-a5be-ae295ee7179f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4522-L4541" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4567-L4586" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0452a6e8f00bae0b79335c1799a26b2b77d603451f2e6cc3b137ad91996d4dec" logic_hash = "3e5eddf984eb85a304bd19a444238850dc2d153f8e59bb215a08f781efc270c6" score = 40 
@@ -217918,11 +218269,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_818E : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "534b26bd-7298-5e16-ba49-f48b1bc405d7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4544-L4563" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4589-L4608" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "818e396595d08d724666803cd29dac566dc7db23bf50e9919d04b33afa988c01" logic_hash = "de48cb605c339f13f94451361531ea2661d79311aacbb87878b24866766b6e3f" score = 40 
@@ -217948,11 +218299,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_6FFD : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "b0799b63-2938-586a-8a10-c3d9916b3d01" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4566-L4585" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4611-L4630" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6ffdde6bc6784c13c601442e47157062941c47015891e7139c2aaba676ab59cc" logic_hash = "f8d629b1c9b785204c61c95ac83dc7516db14aa8abd68dc8cb5250d53408f20d" score = 40 
@@ -217978,11 +218329,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_7710 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "9b4f6fc7-e597-5efd-9a85-6fd63fa9844b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4588-L4612" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4633-L4657" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "771015b2620942919bb2e0683476635b7a09db55216d6fbf03534cb18513b20c" hash = "8d57e416ea4bb855b78a2ff3c80de1dfbb5dc5ee9bfbdddb23e46bd8619287e2" hash = "6c5c6c350c8dd4ca90a8cca0ed1eeca185ebc67b1100935c8f03eb3032aca388" 
@@ -218013,11 +218364,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_AD8F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rzpnk.sys" author = "Florian Roth" id = "f811136f-64db-5a3e-b4f3-e4c92c43b888" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4615-L4635" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4660-L4680" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ad8fd8300ed375e22463cea8767f68857d9a3b0ff8585fbeb60acef89bf4a7d7" hash = "0507d893e3fd2917c81c1dc13ccb22ae5402ab6ca9fb8d89485010838050d08d" logic_hash = "2cbeb5784c1f074b8d76d8f884e7529b8c137ff6b9df0320db677927766fcc70" 
@@ -218044,11 +218395,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_71C0 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "f25a60ba-cfb0-5287-97b7-3a17b0aceca9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4638-L4662" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4683-L4707" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "71c0ce3d33352ba6a0fb26e274d0fa87dc756d2473e104e0f5a7d57fab8a5713" hash = "13ae3081393f8100cc491ebb88ba58f0491b3550787cf3fd25a73aa7ca0290d9" hash = "8781589c77df2330a0085866a455d3ef64e4771eb574a211849784fdfa765040" 
@@ -218079,11 +218430,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrserverddkprovider_Speedfansys_Windowsrse description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - speedfan.sys" author = "Florian Roth" id = "c683be43-e577-5248-8a28-b13dbefd7f91" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4665-L4684" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4710-L4729" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "22be050955347661685a4343c51f11c7811674e030386d2264cd12ecbf544b7c" logic_hash = "ce5fb5f559f97130403f8f4c22a2f223892ba46b1df9fd6a99624e879a3fcea3" score = 40 
@@ -218109,11 +218460,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Openlibsysorg_Openlibsyssys_Openlibsys_9131 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - OpenLibSys.sys" author = "Florian Roth" id = "94026bd4-e66c-551c-b054-b3b5191a5bb2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4687-L4706" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4732-L4751" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "91314768da140999e682d2a290d48b78bb25a35525ea12c1b1f9634d14602b2c" logic_hash = "e61f4452ecae438072b37ae00ca67401541db0e8f6d5b0f1d697190fdff16d23" score = 40 
@@ -218139,11 +218490,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Isinc_Avenger_Stopzilla_6BC0 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - szkg64.sys" author = "Florian Roth" id = "466f2957-242d-564c-b968-f3af0397cb73" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4709-L4728" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4754-L4773" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6bc0e1c104fac4a8caa4237c7ae181ca11a043a3ee26426aeb7a90dc40281fad" logic_hash = "4ef7e829d988191c01804a089f93a0954f7d91813c3bd02b885e93408e268d06" score = 40 
@@ -218169,11 +218520,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_E4EC : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys" author = "Florian Roth" id = "888a2b05-46c1-54b2-a996-14fb9fae5779" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4731-L4750" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4776-L4795" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e4eca7db365929ff7c5c785e2eab04ef8ec67ea9edcf7392f2b74eccd9449148" logic_hash = "08fa3c764599e1f0cb4e76b38b9d577a2fd70fb3f6f3e8e70eea65f0cf16d93a" score = 40 
@@ -218199,11 +218550,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Atsziosys_Atsziodriver_FB6B : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ATSZIO.sys" author = "Florian Roth" id = "106afe18-1312-559d-87f5-319d67d36435" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4753-L4772" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4798-L4817" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "fb6b0d304433bf88cc7d57728683dbb4b9833459dc33528918ead09b3907ff22" logic_hash = "f62cc8ddd443bf196d36d5a3a2724aff4858fcc78abcdbb3cf7362228fde7a7b" score = 40 
@@ -218229,11 +218580,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "e58174ba-c931-549b-bf5d-bdc9aeb362cc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4775-L4795" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4820-L4840" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "075de997497262a9d105afeadaaefc6348b25ce0e0126505c24aa9396c251e85" hash = "cdfbe62ef515546f1728189260d0bdf77167063b6dbb77f1db6ed8b61145a2bc" logic_hash = "467c47d2a64332dc3b94a3b55655f0e0c4f10b19e8724718b8f2ccf97ffe6446" 
@@ -218260,11 +218611,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Micsystechnologycoltd_Msiosys_Msiodriverversion_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - MsIo64.sys" author = "Florian Roth" id = "65c75c41-8edb-526b-b0e8-73eea5cb7502" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4798-L4819" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4843-L4864" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ae42afa9be9aa6f6a5ae09fa9c05cd2dfb7861dc72d4fd8e0130e5843756c471" hash = "d636c011b8b2896572f5de260eb997182cc6955449b044a739bd19cbe6fdabd2" hash = "0f035948848432bc243704041739e49b528f35c82a5be922d9e3b8a4c44398ff" 
@@ -218292,11 +218643,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Vektortsecurityservice_Vboxdrv_Antidetectpublic_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxDrv.sys" author = "Florian Roth" id = "1305b627-146c-5ec6-9e27-abac84f5a2f4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4822-L4841" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4867-L4886" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3724b39e97936bb20ada51c6119aded04530ed86f6b8d6b45fbfb2f3b9a4114b" logic_hash = "6c2a12c5866686cde0e621bd35b73079d7d37d5b5d4b42bb962435a73682c32b" score = 40 
@@ -218322,11 +218673,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_2380 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "24415567-6904-52b1-964d-1a0a4aefe08e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4844-L4863" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4889-L4908" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "238046cfe126a1f8ab96d8b62f6aa5ec97bab830e2bae5b1b6ab2d31894c79e4" logic_hash = "7ac9c6ae541d6689a986d884e96f2f024a18736a59b02a1103e44538d725bb52" score = 40 
@@ -218352,11 +218703,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "6ffeb0f5-e438-5187-8cbb-53f3fec6ab06" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4866-L4886" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4911-L4931" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d7c90cf3fdbbd2f40fe6a39ad0bb2a9a97a0416354ea84db3aeff6d925d14df8" hash = "64a8e00570c68574b091ebdd5734b87f544fa59b75a4377966c661d0475d69a5" logic_hash = "1e5669c7c79c027bdef5dbd135b35ea4e9af8c164b6b8f027490e2fa49ebf904" 
@@ -218383,11 +218734,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_A97B : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "2644da4b-8a15-5b41-b92c-6e4cd2e2d696" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4889-L4909" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4934-L4954" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a97b404aae301048e0600693457c3320d33f395e9312938831bc5a0e808f2e67" hash = "47c490cc83a17ff36a1a92e08d63e76edffba49c9577865315a6c9be6ba80a7d" logic_hash = "1b7961c9c0e0812fa68f330f45ba1834a246f3571e9086280b03c155865746e9" 
@@ -218414,11 +218765,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibxsys_Ntiolibx_1E8B : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "208dd67e-2d2d-5104-a497-1311cea9e223" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4912-L4932" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4957-L4977" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1e8b0c1966e566a523d652e00f7727d8b0663f1dfdce3b9a09b9adfaef48d8ee" hash = "5d530e111400785d183057113d70623e17af32931668ab7c7fc826f0fd4f91a3" logic_hash = "673d993f0ad7800551cfc11d73a38aa37b306902f2d28db4d5ec5f33bc51f21f" 
@@ -218445,11 +218796,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Featureintegrationtechnologyinc_Fintekpciecom_81 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - FPCIE2COM.sys" author = "Florian Roth" id = "d741c03b-0ad5-5cf7-8fcd-3267c3f40d64" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4935-L4954" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L4980-L4999" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "81fbc9d02ef9e05602ea9c0804d423043d0ea5a06393c7ece3be03459f76a41d" hash = "ebf0e56a1941e3a6583aab4a735f1b04d4750228c18666925945ed9d7c9007e1" logic_hash = "24ae9365e55b29c55f83f944154f8fd4643c733f33cfb6542e9159b52acdb9c3" 
@@ -218475,11 +218826,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "c5104fcb-7d6a-54dc-a79e-366f16ecd8a0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4957-L4978" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5002-L5023" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6bfc0f425de9f4e7480aa2d1f2e08892d0553ed0df1c31e9bf3d8d702f38fa2e" hash = "3c7e5b25a33a7805c999d318a9523fcae46695a89f55bbdb8bb9087360323dfc" hash = "46621554728bc55438c7c241137af401250f062edef6e7efecf1a6f0f6d0c1f7" 
@@ -218507,11 +218858,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "7c796850-8413-53b0-bbbd-4991c1af6626" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L4981-L5000" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5026-L5045" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7a48f92a9c2d95a72e18055cac28c1e7e6cad5f47aa735cbea5c3b82813ccfaf" logic_hash = "3827cad3f54342cba5e6cfc98b2e30522feb79ea8917d882b95dcc66863e389d" score = 40 
@@ -218537,11 +218888,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_45F4 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "56dc2fa5-c19c-5a77-9590-e7a957ccb27f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5003-L5019" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5048-L5064" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "45f42c5d874369d6be270ea27a5511efcca512aeac7977f83a51b7c4dee6b5ef" logic_hash = "539d1795ae819c2705e77cb41ec4248c7239ffa8cd805addbb9e5da5e98a83e2" score = 40 
@@ -218564,11 +218915,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_4D05 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iQVW64.SYS" author = "Florian Roth" id = "e52c22aa-347f-5618-93b8-b4dab3f04b35" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5022-L5048" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5067-L5093" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4d0580c20c1ba74cf90d44c82d040f0039542eea96e4bbff3996e6760f457cee" hash = "77c5e95b872b1d815d6d3ed28b399ca39f3427eeb0143f49982120ff732285a9" hash = "cff9aa9046bdfd781d34f607d901a431a51bb7e5f48f4f681cc743b2cdedc98c" 
@@ -218601,11 +218952,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_86A1 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "57b41ebc-6c75-5ba3-b2fc-0bb50e92207b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5051-L5070" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5096-L5115" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "86a1b1bacc0c51332c9979e6aad84b5fba335df6b9a096ccb7681ab0779a8882" logic_hash = "ed28688de49b089def60861ffe53f4e3a7f714b255035fdb19122375c83ebac2" score = 40 
@@ -218631,11 +218982,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_61BE : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "8242879f-ce39-5f05-b43e-ec2c6b185e82" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5073-L5092" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5118-L5137" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "61befeef14783eb0fed679fca179d2f5c33eb2dcbd40980669ca2ebeb3bf11cf" logic_hash = "70969db52d4e88e1662902634e0cb21c44ab694928e15e4bdaa9a1b2604146dd" score = 40 
@@ -218661,11 +219012,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrserverddkprovider_Gdrvsys_Windowsrserver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - gdrv.sys" author = "Florian Roth" id = "e7728971-efb9-5c8b-8600-8f2b393d966e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5095-L5117" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5140-L5162" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "88992ddcb9aaedb8bfcc9b4354138d1f7b0d7dddb9e7fcc28590f27824bee5c3" hash = "31f4cfb4c71da44120752721103a16512444c13c2ac2d857a7e6f13cb679b427" hash = "6f1fc8287dd8d724972d7a165683f2b2ad6837e16f09fe292714e8e38ecd1e38" 
@@ -218694,11 +219045,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Filseclabcorporation_Fildds_Filseclabdynamicdefe description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - fildds.sys" author = "Florian Roth" id = "6a9cf1b0-8d2c-522b-8fca-7f81f2aead8d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5120-L5139" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5165-L5184" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f8c07b6e2066a5a22a92d9f521ecdeb8c68698c400e4b83e0501b9f340957c22" logic_hash = "5eb7f097384c0e4b418611a37d6a03dc7a6ff21814716489bf35e0bd43f390cf" score = 40 
@@ -218724,11 +219075,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_BE8D : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "e655289a-61d1-5908-b495-ce2c00caae3c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5142-L5161" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5187-L5206" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "be8dd2d39a527649e34dc77ef8bc07193a4234b38597b8f51e519dadc5479ec2" logic_hash = "98be6af9aa551ba153413f75d4038b2840181418e0b8eba2cfcac2aa29a4460e" score = 40 
@@ -218754,11 +219105,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_3E85 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "fde3f78e-f20e-5172-bede-b089c0851680" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5164-L5183" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5209-L5228" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3e85cf32562a47d51827b21ab1e7f8c26c0dbd1cd86272f3cc64caae61a7e5fb" logic_hash = "23d11200a9d5ad71d8578e3ec3ac40ad6f7d9971177aa59a1ea6bac3de4f0b04" score = 40 
@@ -218784,11 +219135,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_3070 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "38ae805f-4be8-526f-b3b3-d644b05c2b25" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5186-L5205" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5231-L5250" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "30706f110725199e338e9cc1c940d9a644d19a14f0eb8847712cba4cacda67ab" logic_hash = "05e9f35f83489d262ffece0c406eebf1b81514ea60278415fbc53adc0bc365fb" score = 40 
@@ -218814,11 +219165,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_CC58 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "cfb96174-106f-5ad0-875b-1be75f70ce51" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5208-L5227" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5253-L5272" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "cc586254e9e89e88334adee44e332166119307e79c2f18f6c2ab90ce8ba7fc9b" logic_hash = "8eb46633cce7959cfefbc65ede889c748a077cddc59fb79d87b54ddcd42ca524" score = 40 
@@ -218844,11 +219195,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrcodenamelonghornddkprovider_Rtkiosys_Win description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "346488b2-5390-528e-8d54-5ed3dbc6e322" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5230-L5251" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5275-L5296" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "916c535957a3b8cbf3336b63b2260ea4055163a9e6b214f2a7005d6d36a4a677" hash = "caa85c44eb511377ea7426ff10df00a701c07ffb384eef8287636a4bca0b53ab" hash = "478917514be37b32d5ccf76e4009f6f952f39f5553953544f1b0688befd95e82" 
@@ -218876,11 +219227,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Pctools_Tfsysmon_Threatfire_1C1A : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TfSysMon.sys" author = "Florian Roth" id = "332a79ef-bc05-55ee-b8e8-7131bd902aa3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5254-L5273" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5299-L5318" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1c1a4ca2cbac9fe5954763a20aeb82da9b10d028824f42fff071503dcbe15856" logic_hash = "0ae5e3ee2abf46ed4ebc5603e0a036fcaf50b7ebae68b8e0ee7d9894596f580a" score = 40 
@@ -218900,17 +219251,47 @@ rule LOLDRIVERS_PUA_VULN_Driver_Pctools_Tfsysmon_Threatfire_1C1A : FILE condition: uint16( 0 ) == 0x5a4d and filesize < 100KB and all of them } +rule LOLDRIVERS_PUA_VULN_Driver_Watchdogdevelopmentcomllc_Amsdksys_Amsdk_12B3 : FILE +{ + meta: + description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - amsdk.sys" + author = "Florian Roth" + id = "53f0beac-c024-55d0-991f-34076f1072bb" + date = "2025-09-18" + modified = "2025-09-18" + reference = "https://github.com/magicsword-io/LOLDrivers" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5321-L5340" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" + hash = "12b3d8bc5cc1ea6e2acd741d8a80f56cf2a0a7ebfa0998e3f0743fcf83fabb9e" + logic_hash = "ddcafc0b3df42b2ed678b967acb874bd2b5bc87778fa0da11eff1bc9c7bc55ad" + score = 40 + quality = 80 + tags = "FILE" + + strings: + $ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]005700610074006300680044006f006700200041006e00740069006d0061006c00770061007200650020004400720069007600650072 } + $ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]005700610074006300680044006f00670044006500760065006c006f0070006d0065006e0074002e0063006f006d002c0020004c004c0043002e } + $ = { 00460069006c006500560065007200730069006f006e[1-8]0031002e0030002e003600300030 } + $ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0031002e0030002e003600300030 } + $ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0061006d00730064006b002e007300790073 } + $ = { 00500072006f0064007500630074004e0061006d0065[1-8]0061006d00730064006b } + $ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0061006d00730064006b002e007300790073 } + $ = { 
004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f0070007900720069006700680074002000280043002900200032003000320033 } + + condition: + uint16( 0 ) == 0x5a4d and filesize < 200KB and all of them +} rule LOLDRIVERS_PUA_VULN_Driver_Nmscommunications_Cgkwinksys_Ctaccess_223F : FILE { meta: description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cg6kwin2k.sys" author = "Florian Roth" id = "0de735b8-bbaf-551c-91f0-245740c1c78b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5276-L5295" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5343-L5362" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "223f61c3f443c5047d1aeb905b0551005a426f084b7a50384905e7e4ecb761a1" logic_hash = "2ec82ad1a839ff65d3e8288ed161650bd678f8a201bb513bd869d1e9bcfb2a65" score = 40 
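Review bot: the new `LOLDRIVERS_PUA_VULN_Driver_Watchdogdevelopmentcomllc_Amsdksys_Amsdk_12B3` rule uses `filesize < 200KB` in its condition, while the neighbouring rules in this file (e.g. the `Tfsysmon` rule directly above, `uint16( 0 ) == 0x5a4d and filesize < 100KB and all of them`) use `100KB`; if the bound was derived from the `12b3d8bc…` sample that is fine, but it is worth confirming it is not a default, since a looser size bound only widens what the `all of them` strings have to exclude. The eight anonymous `$ = { … }` hex strings are UTF-16LE VersionInfo key/value pairs (they decode to FileDescription `WatchDog Antimalware Driver`, CompanyName `WatchDogDevelopment.com, LLC.`, FileVersion and ProductVersion `1.0.600`, InternalName and OriginalFilename `amsdk.sys`, ProductName `amsdk`, LegalCopyright `Copyright (C) 2023`), so by design of the strict rule set it matches only this exact version of `amsdk.sys`; having the generator emit the decoded value as a trailing `//` comment on each string line would let reviewers verify such rules without decoding the hex by hand.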
@@ -218936,11 +219317,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_E4D9 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "b0ef62c7-b223-5d70-883d-1a6a3d28dc0d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5298-L5317" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5365-L5384" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e4d9f037411284e996a002b15b49bc227d085ee869ae1cd91ba54ff7c244f036" logic_hash = "e17c01d291e60fff225ee60e296450ab2d4a293084dc4c07de7347f55566d7ee" score = 40 
@@ -218966,11 +219347,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftwarecorp_Segwindrvxsys_Segwindowsdrive description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - segwindrvx64.sys" author = "Florian Roth" id = "33a0b3ee-4ea1-54ba-95ef-cebfcaa7945d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5320-L5339" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5387-L5406" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b9ae1d53a464bc9bb86782ab6c55e2da8804c80a361139a82a6c8eef30fddd7c" logic_hash = "dac574b12f72b99fe66500edb6447802f95ad8d6c787ddbea69b36a1c0dfdab7" score = 40 
@@ -218996,11 +219377,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Cupfixerxsys_Windowsrwind description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - CupFixerx64.sys" author = "Florian Roth" id = "32559d4c-eef4-5b67-a74c-f89589bc446b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5342-L5361" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5409-L5428" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8c748ae5dcc10614cc134064c99367d28f3131d1f1dda0c9c29e99279dc1bdd9" logic_hash = "d0eb0738da64ce1a94278a422e829f01d1514ac4536fc2187aa5f4112b70f6e0" score = 40 
@@ -219026,11 +219407,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevicesinc_Pdfwkrnlsys_Usbcpowerdel description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - PDFWKRNL.sys" author = "Florian Roth" id = "2eb54e4c-3e7b-5b75-895e-5985c8536282" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5364-L5384" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5431-L5451" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0cf84400c09582ee2911a5b1582332c992d1cd29fcf811cb1dc00fcd61757db0" hash = "f190919f1668652249fa23d8c0455acbde9d344089fde96566239b1a18b91da2" logic_hash = "6497a69a7fd7502a78ec6d373a2b0bdc1da73bca4590a256f7094463e0f0b363" 
@@ -219057,11 +219438,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Eiosys_Asusvgakernelmodedrive description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - EIO.sys" author = "Florian Roth" id = "1c0669aa-b156-580f-9bb0-d69502af6a7f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5387-L5406" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5454-L5473" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b17507a3246020fa0052a172485d7b3567e0161747927f2edf27c40e310852e0" logic_hash = "bfcaa037bc06303a0de6a0372cd9dd49bd9801610989df46ca19fd844b22560e" score = 40 
@@ -219087,11 +219468,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "5edd8373-0756-59cf-8079-8cfd5b1fd454" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5409-L5428" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5476-L5495" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4d777a9e2c61e8b55b3c34c5265b301454bb080abe7ffb373e7800bd6a498f8d" logic_hash = "bed34d3bcb856628a688bb189f5bc1a0adf2384698ac28196fc5313e57387a1e" score = 40 
@@ -219117,11 +219498,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_2AFD : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "4dc89f62-c0e0-5abf-9774-3ca21f8a1d8e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5431-L5450" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5498-L5517" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2afdb3278a7b57466a103024aef9ff7f41c73a19bab843a8ebf3d3c4d4e82b30" logic_hash = "a687639311529ca919f90d478ddbb39e441ce24a58be056af7a7108db3f11f25" score = 40 
@@ -219147,11 +219528,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_00D9 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "608b2435-4923-5979-9fbd-1a4cff95a450" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5453-L5472" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5520-L5539" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "00d9781d0823ab49505ef9c877aa6fa674e19ecc8b02c39ee2728f298bc92b03" logic_hash = "dd1b181f975ada1e7d1def32be88e41df2f994c698e794dc0fade119b0eabf2d" score = 40 
@@ -219177,11 +219558,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - DcProtect.sys" author = "Florian Roth" id = "52742e0b-0e2f-5a83-9993-b3cde1a5cb5e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5475-L5494" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5542-L5561" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c35cab244bd88bf0b1e7fc89c587d82763f66cf1108084713f867f72cc6f3633" logic_hash = "f9010e0f70eb1c94a1e41e5999623f5eeb6aff155c36cb7b17c196eb363a62c4" score = 40 
@@ -219207,11 +219588,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Iomapsys_Asuskernelmodedriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - IOMap64.sys" author = "Florian Roth" id = "8b2fbab4-4b54-57dc-9591-1d993e844dc0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5497-L5516" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5564-L5583" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ea85bbe63d6f66f7efee7007e770af820d57f914c7f179c5fee3ef2845f19c41" logic_hash = "f9ffedd3761c0cf68d5f862ceb8e22a61a5da73e757cf92317085b714656e139" score = 40 
@@ -219237,11 +219618,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_E05E : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt.sys" author = "Florian Roth" id = "71c7a688-d20a-57c3-b4c5-b8344e936900" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5519-L5538" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5586-L5605" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e05eeb2b8c18ad2cb2d1038c043d770a0d51b96b748bc34be3e7fc6f3790ce53" logic_hash = "94ee30a5cbd1ff47cddf35ec2205d9008857e87c457dce025501132231a146e4" score = 40 
@@ -219267,11 +219648,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "15332784-229c-5b5e-b06c-2ea6cff64113" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5541-L5560" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5608-L5627" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e4522e2cfa0b1f5d258a3cf85b87681d6969e0572f668024c465d635c236b5d9" logic_hash = "0a35b3e88bb078e61c2769267fdba624d171492b0e4d1c57ecf7ea770fa2f44d" score = 40 
@@ -219297,11 +219678,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Marvintestsolutionsinc_Hwsys_Hw_5596 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - hw.sys" author = "Florian Roth" id = "2a470258-2ec1-5d80-8ce8-d8f83a27c365" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5563-L5583" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5630-L5650" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "55963284bbd5a3297f39f12f0d8a01ed99fe59d008561e3537bcd4db4b4268fa" hash = "4880f40f2e557cff38100620b9aa1a3a753cb693af16cd3d95841583edcb57a8" logic_hash = "fcfc255a20b512b38057022c05a694e757b08950d6d35b3c361b0559da51a689" 
@@ -219328,11 +219709,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Getactechnologycorporation_Mtcbsvsys_Getacsystem description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - GtcKmdfBs.sys" author = "Florian Roth" id = "b8357662-5966-55fc-801f-a82f137edcd4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5586-L5605" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5653-L5672" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e6023b8fd2ce4ad2f3005a53aa160772e43fe58da8e467bd05ab71f3335fb822" logic_hash = "6e220e39e765c6af5d2e80cce4a4a07b587ccd559e0cb455d56046cf4c2ff447" score = 40 
@@ -219358,11 +219739,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Genitlkiwibenjaminxxxxx_Titidrv_Titidrvtiticatz_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - titidrv.sys" author = "Florian Roth" id = "06cdecba-e002-5354-ac4a-09bd8178ae37" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5608-L5627" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5675-L5694" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "208ea38734979aa2c86332eba1ea5269999227077ff110ac0a0d411073165f85" logic_hash = "c1a57d6f66fd8818dd72813a3bac78eab44b2b546f65a78864739cb55a258d39" score = 40 
@@ -219388,11 +219769,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevicesinc_Pdfwkrnlsys_Usbcpowerdel description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - PDFWKRNL.sys" author = "Florian Roth" id = "c43c80e9-64c4-553a-8c2e-1b32cee12673" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5630-L5649" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5697-L5716" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5df689a62003d26df4aefbaed41ec1205abbf3a2e18e1f1d51b97711e8fcdf00" logic_hash = "b560682fe9ed95a19df7dcc6ea823545d2303a51aaa06dc14e48c73f2e6fe8b7" score = 40 
@@ -219418,11 +219799,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_B9AD : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "b5b42779-0d81-5133-864f-f36337593c81" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5652-L5671" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5719-L5738" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b9ad7199c00d477ebbc15f2dcf78a6ba60c2670dad0ef0994cebccb19111f890" logic_hash = "c8efd23f9fb60831cede71737c5d1e62d94f3b44a2b3da7f29db06ca4599821d" score = 40 
@@ -219448,11 +219829,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_348D : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "4856e997-d5de-5bae-a35b-88ab55b77ae7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5674-L5694" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5741-L5761" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "348dc502ac57d7362c7f222e656c52e630c90bef92217a3bd20e49193b5a69f1" hash = "c186967cc4f2a0cb853c9796d3ea416d233e48e735f02b1bb013967964e89778" logic_hash = "435219f0b49a009eb42ffa096c4acefc48f85d03a8656d5142df20deee19cf08" 
@@ -219479,11 +219860,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Mydriverscom_Hwm_Drivergenius_08EB : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - mydrivers.sys" author = "Florian Roth" id = "a944a7a1-f938-548e-8788-a4733d777850" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5697-L5716" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5764-L5783" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "08eb2d2aa25c5f0af4e72a7e0126735536f6c2c05e9c7437282171afe5e322c6" logic_hash = "2371de5547217734226420bbbee12dee897206bd2419387d2c2fc2ae07df7fec" score = 40 
@@ -219509,11 +219890,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_3E27 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - SANDRA.sys" author = "Florian Roth" id = "5e116c70-6da1-5397-9b73-32955086c886" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5719-L5738" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5786-L5805" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3e274df646f191d2705c0beaa35eeea84808593c3b333809f13632782e27ad75" logic_hash = "18affdea7f982e47ca4852d9a4a28797a1ca3175c404c8e5c316ee3a610cf858" score = 40 
@@ -219539,11 +219920,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Evgatechnologyinc_Windowsvistasmartiodevice_Wind description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - SMARTEIO64.SYS" author = "Florian Roth" id = "a5b9f906-4250-52f7-84ba-ad8f6a5ebabc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5741-L5760" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5808-L5827" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3c95ebf3f1a87f67d2861dbd1c85dc26c118610af0c9fbf4180428e653ac3e50" logic_hash = "e0bf6bd64e91baa27e1181223cba6f4975b5b5a9fd9918d4c65180ed584b319b" score = 40 
@@ -219569,11 +219950,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_033C : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "13af3aa3-b338-57ac-b803-f811b695717e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5763-L5782" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5830-L5849" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "033c4634ab1a43bc3247384864f3380401d3b4006a383312193799dded0de4c7" logic_hash = "fea547a999db61dd4c87d648d8e0e1a50f9c677439d514cfdd0a75a5a6da4c8f" score = 40 
@@ -219599,11 +219980,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxusbsys_Virtualboxusbdrive description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxUSB.Sys" author = "Florian Roth" id = "66da7fa1-1387-5a73-858f-05a877f810a9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5785-L5804" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5852-L5871" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5b26c4678ecd37d1829513f41ff9e9df9ef1d1d6fea9e3d477353c90cc915291" logic_hash = "49554df6ecdbfafbb3cf8f78cdece896830dd842cf1cae1129f11eb69a3588c4" score = 40 
@@ -219629,11 +220010,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_3B6E : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "d2e411b6-da38-5ff0-a24a-78064a5fafcf" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5807-L5826" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5874-L5893" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3b6e85c8fed9e39b21b2eab0b69bc464272b2c92961510c36e2e2df7aa39861b" logic_hash = "f3736282399849376632ee9392bf679779cecbb76fa7bd8ccaff0b787a3370f5" score = 40 
@@ -219659,11 +220040,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_7C73 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "ab7574a5-acba-5e3d-9259-e5833d43d195" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5829-L5849" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5896-L5916" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7c731c0ea7f28671ab7787800db69739ea5cd6be16ea21045b4580cf95cbf73b" hash = "fca10cde7d331b7f614118682d834d46125a65888e97bd9fda2df3f15797166c" logic_hash = "9e024ac35be2fe02ecaae96f3cfbbae60b4032986f22710809699049456e979c" 
@@ -219690,11 +220071,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Wistroncorporation_Wirwadrvsys_Wistronrwadriver_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WiRwaDrv.sys" author = "Florian Roth" id = "67b74d38-f26d-56b9-8a92-c923ad1f797e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5852-L5871" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5919-L5938" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d8fc8e3a1348393c5d7c3a84bcbae383d85a4721a751ad7afac5428e5e579b4e" logic_hash = "e991957205079fb282f9fb248637d4723c940a7e9ab708e68082e99adbed647c" score = 40 
@@ -219720,11 +220101,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_1A42 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "d776ad80-318f-5e3c-b006-daa70a14aff4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5874-L5893" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5941-L5960" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1a42ebde59e8f63804eaa404f79ee93a16bb33d27fb158c6bfbe6143226899a0" logic_hash = "bfd4ff6c58d83e8d09d43d75e655993319283d0a41407d20417011d663791fd3" score = 40 
@@ -219750,11 +220131,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_F14D : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "ffc28a07-9de8-5b22-88eb-1fd7e71db360" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5896-L5916" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5963-L5983" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f14da8aa5c8eea8df63cf935481d673fdf3847f5701c310abf4023f9d80ad57d" hash = "c6a5663f20e5cee2c92dee43a0f2868fb0af299f842410f4473dcde7abcb6413" logic_hash = "6d1a98e8b5ab416446cf15cf15a2bad93dfbe9b984b40f5fae523e17e6eb5caa" 
@@ -219781,11 +220162,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Toolhouseentwicklungskg_Tsdrvxsys_Toolstardriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TSDRVX64.sys" author = "Florian Roth" id = "5543cfe0-d1dd-531c-be82-6fec90fae8ed" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5919-L5938" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L5986-L6005" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9bf84b41789b3d5d5622732b5c4f5630da189ede2098b0ce166fcae331178377" logic_hash = "4a829ea9d546ee63539f84629527368b2adce9e637530e8b1c699115b5bc099b" score = 40 
@@ -219811,11 +220192,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_EC5F : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "1d73baba-017c-527d-9eb8-0eb9865656b6" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5941-L5960" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6008-L6027" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ec5fac0b6bb267a2bd10fc80c8cca6718439d56e82e053d3ff799ce5f3475db5" logic_hash = "74fad50be13de00367a5cecb25f7e3feb53f5e8553fac8cd32edc500a91aad88" score = 40 
@@ -219841,11 +220222,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "11164331-fdba-5e7d-a2ea-4621b438060a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5963-L5982" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6030-L6049" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "34e0364a4952d914f23f271d36e11161fb6bb7b64aea22ff965a967825a4a4bf" logic_hash = "a2f304406595b6cad63dbc83f32f1a35477d022fe5cad1c11ac9746d3775199d" score = 40 
@@ -219871,11 +220252,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_D0BD : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "81712338-7518-565a-8004-4708808d93ee" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L5985-L6004" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6052-L6071" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d0bd1ae72aeb5f3eabf1531a635f990e5eaae7fdd560342f915f723766c80889" logic_hash = "c285e87a94025916ed6d3fac65761d1ca4bef13102a0a37b256525bf651bd16c" score = 40 
@@ -219901,11 +220282,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Atlaccesssys_Windowsrwind description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - atlAccess.sys" author = "Florian Roth" id = "1c6be4ef-90f7-5b77-8490-0362233c02d9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6007-L6026" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6074-L6093" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0b57569aaa0f4789d9642dd2189b0a82466b80ad32ff35f88127210ed105fe57" logic_hash = "93d5121da2037ffcc961550b6859bff4257f56b783d7c49e442dc97a3f9257ae" score = 40 
@@ -219931,11 +220312,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "f6ca1049-6a11-5bdb-a9b7-79200c57e339" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6029-L6048" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6096-L6115" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "909f6c4b8f779df01ef91e549679aa4600223ac75bc7f3a3a79a37cee2326e77" logic_hash = "4e4a093fcdd97298aa6ead7c4412263837a7403f87b4d8f72e6ea27bc6f4d15f" score = 40 
@@ -219961,11 +220342,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_3C18 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "94b7a58c-0092-5d81-985f-330599efe25a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6051-L6067" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6118-L6134" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3c18ae965fba56d09a65770b4d8da54ccd7801f979d3ebd283397bc99646004b" logic_hash = "4f958ccb21b5cbd28c25a9c2e1a08fcf00e24bfa9e7814b9e68b87814dd04f4c" score = 40 
@@ -219988,11 +220369,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_2B4C : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys" author = "Florian Roth" id = "a337e8f1-1473-51a4-9098-69719f0c48e4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6070-L6089" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6137-L6156" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2b4c7d3820fe08400a7791e2556132b902a9bbadc1942de57077ecb9d21bf47a" logic_hash = "3db68ef927d373e7774d52bbf1dccfa2960b4bb1b42a32a181ad9e1f00458f23" score = 40 
@@ -220018,11 +220399,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Iprt_Virtualboxguestadditions_BBF5 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxMouseNT.sys" author = "Florian Roth" id = "a1a4e7d1-5a54-5265-8911-117e50071c7e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6092-L6111" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6159-L6178" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "bbf564a02784d53b8006333406807c3539ee4a594585b1f3713325904cb730ec" logic_hash = "7f5480d84195854bdc5c7554495e0ecd9b69b9c527152def1e85fd61084fd22d" score = 40 
@@ -220048,11 +220429,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cpuid_Cpuzsys_Cpuidservice_58CB : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "651653cc-e1c8-56c6-9061-cbf23ba451a3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6114-L6133" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6181-L6200" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "58cb5439e34be4ede6d93c463cb0433c99a100a1c06fca777eda751fd72c07bf" logic_hash = "191018274ed1abec748b71c2258ad70fc48d175f07a5ae897ee7c069632d1ebf" score = 40 
@@ -220078,11 +220459,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tenasyscorporation_Rtifsys_Intime_9399 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtif.sys" author = "Florian Roth" id = "30c2cc30-6613-5158-8cd1-b80eac8d6fbc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6136-L6156" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6203-L6223" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9399f35b90f09b41f9eeda55c8e37f6d1cb22de6e224e54567d1f0865a718727" hash = "a66b4420fa1df81a517e2bbea1a414b57721c67a4aa1df1967894f77e81d036e" logic_hash = "92139b7123c13dc80c1671b92ad6d1c6d6f4d02e1a3bc07e95cac27c7d43df66" 
@@ -220109,11 +220490,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Dtresearchinc_Iomemsys_Iomemsys_3D23 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iomem64.sys" author = "Florian Roth" id = "b29e4411-a408-5bd5-a763-73c18b85e2b2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6159-L6178" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6226-L6245" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3d23bdbaf9905259d858df5bf991eb23d2dc9f4ecda7f9f77839691acef1b8c4" logic_hash = "4f494f3f2367bbc5751a09b79775ea61f62986b82375c8c98bf6a77203174be1" score = 40 
@@ -220139,11 +220520,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_496F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - SANDRA.sys" author = "Florian Roth" id = "7754e086-1936-5e47-9576-ee940453c5e7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6181-L6200" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6248-L6267" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "496f4a4021226fb0f1b5f71a7634c84114c29faa308746a12c2414adb6b2a40b" logic_hash = "405e7a16f8290d1d5462227ccf7d42e137bc98f084c9d5763b000d101e615c6a" score = 40 
@@ -220169,11 +220550,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "d29981ff-6c7b-55fb-a77e-c16755e988ab" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6203-L6223" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6270-L6290" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1b00d6e5d40b1b84ca63da0e99246574cdd2a533122bc83746f06c0d66e63a6e" hash = "51e91dd108d974ae809e5fc23f6fbd16e13f672f86aa594dae4a5c4bc629b0b5" logic_hash = "191ef735b2fa7cf3c1e0ae1a28e7996580ed2094d214f2ce7b42d856b119eb5e" 
@@ -220200,11 +220581,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Multitheftauto_Mtasanandreas_9F4C : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - FairplayKD.sys" author = "Florian Roth" id = "a7059f0e-ae46-506f-a3c0-8ecb6911cd1d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6226-L6243" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6293-L6310" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9f4ce6ab5e8d44f355426d9a6ab79833709f39b300733b5b251a0766e895e0e5" logic_hash = "b8c423a00732d4e0fb4c45c64a6794a466e604feb9d455bc110cf5169f95ab55" score = 40 
@@ -220228,11 +220609,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_2732 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "ec2c7c9f-d4cd-5497-9de5-4948767ba125" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6246-L6265" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6313-L6332" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2732050a7d836ae0bdc5c0aea4cdf8ce205618c3e7f613b8139c176e86476d0c" logic_hash = "17723afb429fe90b2e49d61676c6564ce94547b55be45ea6a66cf8d2edcdc49b" score = 40 
@@ -220258,11 +220639,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_A153 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nicm.sys" author = "Florian Roth" id = "fde5a9a5-38d3-5ce4-b18d-11fd6a48687d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6268-L6288" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6335-L6355" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a15325e9e6b8e4192291deb56c20c558dde3f96eb682c6e90952844edb984a00" hash = "e728b259113d772b4e96466ab8fe18980f37c36f187b286361c852bd88101717" hash = "4c859b3d11d2ff0049b644a19f3a316a8ca1a4995aa9c39991a7bde8d4f426a4" 
@@ -220289,11 +220670,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_3F36 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "9b7d79c3-549b-549f-ab67-b091798154f5" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6291-L6311" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6358-L6378" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3f3684a37b2645fa6827943d9812ffc2d83e89e962935b29874bec7c3714a06f" hash = "37d999df20c1a0b8ffaef9484c213a97b9987ed308b4ba07316a6013fbd31c60" logic_hash = "c82730df0e7b53c67478f3fa01728841eb3794354c3233b87fe342e652fadb2e" 
@@ -220320,11 +220701,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_7702 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "2388fb25-1e77-5225-864e-ef38c9b52007" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6314-L6333" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6381-L6400" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7702f240800528d8186e3e6a26e2680486fed65a6fb5a2a000ad12c1fb61a398" logic_hash = "c2f1170c6fc0353b99f0c0487937d05cba9a79c3b70eafa1895999074c6c4972" score = 40 
@@ -220350,11 +220731,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_EF6D : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys" author = "Florian Roth" id = "28e934c7-1705-5dd7-967f-ac259af3809e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6336-L6355" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6403-L6422" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ef6d3c00f9d0aa31a218094480299ef73fc85146adf62fd0c2f4f88972c5c850" logic_hash = "aff0eae9976189fe89534f7c3f1a35f093627f71d2c65aa446da85185f972bea" score = 40 
@@ -220380,11 +220761,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Microfocus_Microfocusxtier_95D5 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - libnicm.sys" author = "Florian Roth" id = "394be6fa-5c49-5af2-ac20-d0da0ffe7624" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6358-L6376" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6425-L6443" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "95d50c69cdbf10c9c9d61e64fe864ac91e6f6caa637d128eb20e1d3510e776d3" logic_hash = "070ce1aff2ca552a049602c694e77bd89caa4f6712d86671e21745d9d88f3bc3" score = 40 
@@ -220409,11 +220790,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Z_Computerzsys_Zwuqisystemdriver_61E7 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "c691fecf-9556-5b70-9a84-b645b053cfc0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6379-L6398" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6446-L6465" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "61e7f9a91ef25529d85b22c39e830078b96f40b94d00756595dded9d1a8f6629" logic_hash = "891a11f7f82c6aaa05801bdf0fd82d9786ec1e35c6d699119a801d5cc8e1fe24" score = 40 
@@ -220439,11 +220820,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_8DCE : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "176b70cc-3b8c-57f2-82be-42d9a9b9069f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6401-L6420" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6468-L6487" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8dcec67a1f4903981c3e0ab938784c2f241e041e26748e1c22059e0e507cfb37" logic_hash = "4900c684a248338e686b0da0288fe2937cf5d0f5e453419b6f8091c2fc7fc061" score = 40 
@@ -220469,11 +220850,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_E3EF : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "3778fe25-a5d5-5cb0-8f03-9ceed5d71aa9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6423-L6442" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6490-L6509" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e3eff841ea0f2786e5e0fed2744c0829719ad711fc9258eeaf81ed65a52a8918" logic_hash = "50c225f42f3b7ac785d01cc9ad5542ac2e12d26e707d0ed5b8c5415d981479bc" score = 40 
@@ -220499,11 +220880,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Arthurliberman_Alsysiosys_Alsysio_7F37 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ALSysIO64.sys" author = "Florian Roth" id = "f523949b-aff9-532a-9f13-983f4a47635d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6445-L6464" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6512-L6531" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7f375639a0df7fe51e5518cf87c3f513c55bc117db47d28da8c615642eb18bfa" logic_hash = "5e796e1ebc587faf2f8255e6229fe4f97f781fd66100398561703320d34728c1" score = 40 
@@ -220529,11 +220910,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Panyazilimbilisimteknolojileriticltdsti_Paniosys description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - PanIO.sys" author = "Florian Roth" id = "098abff0-1471-5793-8366-89df85dc216c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6467-L6486" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6534-L6553" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f596e64f4c5d7c37a00493728d8756b243cfdc11e3372d6d6dfeffc13c9ab960" logic_hash = "5694c7f1a74ffd5cdaa143bc563939589305450c3ee24c758fb7379b79f73764" score = 40 
@@ -220559,11 +220940,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_6C5A : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nicm.sys" author = "Florian Roth" id = "eb1ea3d1-6435-5ca6-b16a-111befaf2000" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6489-L6508" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6556-L6575" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6c5aef14613b8471f5f4fdeb9f25b5907c2335a4bc18b3c2266fb1ffd8f1741d" hash = "ec1307356828426d60eab78ffb5fc48a06a389dea6e7cc13621f1fa82858a613" logic_hash = "02155af4ab432fbbec1bf582fa8161eb2e39c258bb0f67fcc7054d2f3c8a46be" 
@@ -220589,11 +220970,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_1768 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "4d79b72a-0848-5fe4-89fe-b16ab03d18d3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6511-L6530" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6578-L6597" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "17687cba00ec2c9036dd3cb5430aa1f4851e64990dafb4c8f06d88de5283d6ca" logic_hash = "5fb10d691fda963001b9a3c07b22db5e63beef984f26bc7d31ad98a1524ce5ff" score = 40 
@@ -220619,11 +221000,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_3913 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "26b781e0-c148-5506-b135-9b0b8fbf7cf3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6533-L6554" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6600-L6621" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "39134750f909987f6ebb46cf37519bb80707be0ca2017f3735018bac795a3f8d" hash = "a34e45e5bbec861e937aefb3cbb7c8818f72df2082029e43264c2b361424cbb1" hash = "3e758221506628b116e88c14e71be99940894663013df3cf1a9e0b6fb18852b9" 
@@ -220651,11 +221032,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_767E : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "b4b9dbcc-b5bd-5a9b-b190-10e20afc5220" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6557-L6577" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6624-L6644" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "767ef5c831f92d92f2bfc3e6ea7fd76d11999eeea24cb464fd62e73132ed564b" hash = "d9a73df5ac5c68ef5b37a67e5e649332da0f649c3bb6828f70b65c0a2e7d3a23" logic_hash = "624a88bcb301508151c2afdd1d5f076d04e2941dc2178b931f9dcfe3d63ab47d" 
@@ -220682,11 +221063,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "17496639-ec11-519b-8143-2d43568e09cd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6580-L6599" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6647-L6666" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9a54ef5cfbe6db599322967ee2c84db7daabcb468be10a3ccfcaa0f64d9173c7" logic_hash = "a520f2236b800f2dd2b8ac9963b8e9ba3ce782cca2c1b2835540899da65168b5" score = 40 
@@ -220712,11 +221093,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Oti_Otipcibussys_Kernelmodedrivertoaccessphysica description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - otipcibus.sys" author = "Florian Roth" id = "71052609-e8a3-5611-ad92-8cf43a0fddf0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6602-L6620" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6669-L6687" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4e3eb5b9bce2fd9f6878ae36288211f0997f6149aa8c290ed91228ba4cdfae80" logic_hash = "ef5cb96dc4f6eaaf24fe9d0a65ccb5efe54cb672a9328b9dc2bbc36af82d96e2" score = 40 
@@ -220741,11 +221122,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_DCB8 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "72ff75ea-c085-51bc-806e-1a43127d1c64" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6623-L6642" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6690-L6709" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "dcb815eb8e9016608d0d917101b6af8c84b96fb709dc0344bceed02cbc4ed258" logic_hash = "80b8d0833d2e3675c5a1105725ef61e6914774019d4499c752a25b628a985274" score = 40 
@@ -220771,11 +221152,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Micsystechnologycoltd_Msiosys_Msiodriverversion_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - MsIo64.sys" author = "Florian Roth" id = "a4c49dca-e35c-5326-9b30-729ecf65653c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6645-L6664" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6712-L6731" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "cfcf32f5662791f1f22a77acb6dddfbc970fe6e99506969b3ea67c03f67687ab" logic_hash = "2dd35edfdf8b82b650278186df087c5ae103f3b807faf30c72278521ff56224b" score = 40 
@@ -220801,11 +221182,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - DcProtect.sys" author = "Florian Roth" id = "2de9949d-830d-5540-8b4f-1d1262b8b76c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6667-L6686" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6734-L6753" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f8d45fa03f56e2ea14920b902856666b8d44f1f1b16644baf8c1ae9a61851fb6" logic_hash = "522145d0081891d18a0c1e657ca6228962e97325697b556d97a4fe311efa3aee" score = 40 
@@ -220831,11 +221212,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Topazofd_Wsddprmsys_Wsddprm_FF5D : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - wsftprm.sys" author = "Florian Roth" id = "1508089d-643b-5227-a7f8-65ea76ab8322" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6689-L6708" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6756-L6775" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ff5dbdcf6d7ae5d97b6f3ef412df0b977ba4a844c45b30ca78c0eeb2653d69a8" logic_hash = "c25dd8bbf80a39f0e1bb064afccba84a4b648887609c87bc370e26f3801efaeb" score = 40 
@@ -220861,11 +221242,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_D0E4 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ngiodriver.sys" author = "Florian Roth" id = "a85c77e3-b898-568a-afae-39452ba4b84a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6711-L6731" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6778-L6798" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d0e4d3e1f5d5942aaf2c72631e9490eecc4d295ee78c323d8fe05092e5b788eb" hash = "2ad8c38f6e0ca6c93abe3228c8a5d4299430ce0a2eeb80c914326c75ba8a33f9" logic_hash = "6a29c44686032d2367b1b4b9ef342239b9490e48ba1cc5f862b66f3de6a3f4b2" 
@@ -220892,11 +221273,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "5a49351a-0d32-55e6-acb8-f55a861a7da2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6734-L6754" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6801-L6821" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "77da3e8c5d70978b287d433ae1e1236c895b530a8e1475a9a190cdcc06711d2f" hash = "837d3b67d3e66ef1674c9f1a47046e1617ed13f73ee08441d95a6de3d73ee9f2" logic_hash = "a2918e4ffce0affe25aa7b8793c19dfa61da8321b35cb91600d0a5552e14fef6" 
@@ -220923,11 +221304,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_0368 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "eda7e3e6-6fbe-59cd-af4d-159113c685b1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6757-L6777" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6824-L6844" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "03680068ec41bbe725e1ed2042b63b82391f792e8e21e45dc114618641611d5d" hash = "66f851b309bada6d3e4b211baa23b534165b29ba16b5cbf5e8f44eaeb3ca86ea" logic_hash = "67626089334102cf852d0863b58a29562dda673b6601a90b13d97a2380a4295c" 
@@ -220954,11 +221335,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvaudio.sys" author = "Florian Roth" id = "225ebe9f-c453-5d4b-89af-d6fcffa254cc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6780-L6799" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6847-L6866" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b0dcdbdc62949c981c4fc04ccea64be008676d23506fc05637d9686151a4b77f" logic_hash = "13f4cfb57115eab4850771248b479f523f3c6d9a25a21b16ce224ab783dd4abc" score = 40 
@@ -220978,17 +221359,44 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver condition: uint16( 0 ) == 0x5a4d and filesize < 100KB and all of them } +rule LOLDRIVERS_PUA_VULN_Driver_Lowleveldriver_16F8 : FILE +{ + meta: + description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - throttlestop.sys" + author = "Florian Roth" + id = "c6401fbf-6b08-5b54-9160-794544adbfdb" + date = "2025-09-18" + modified = "2025-09-18" + reference = "https://github.com/magicsword-io/LOLDrivers" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6869-L6885" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" + hash = "16f83f056177c4ec24c7e99d01ca9d9d6713bd0497eeedb777a3ffefa99c97f0" + logic_hash = "0f6958f2cddcf884415224a7d944fdd75b544b623f9722f2e17f8339e0e2b78d" + score = 40 + quality = 80 + tags = "FILE" + + strings: + $ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]004c006f0077002d004c006500760065006c0020004400720069007600650072 } + $ = { 00460069006c006500560065007200730069006f006e[1-8]0033002e0030002e0030002e0030 } + $ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0033002e0030002e0030002e0030 } + $ = { 00500072006f0064007500630074004e0061006d0065[1-8]004c006f0077002d004c006500760065006c0020004400720069007600650072 } + $ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]0043006f007000790072006900670068007400200032003000300034002d00320030003200300020002800630029002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064002e } + + condition: + uint16( 0 ) == 0x5a4d and filesize < 100KB and all of them +} rule LOLDRIVERS_PUA_VULN_Driver_Radiantsystemsinc_Radhwmgrsys_Radiantsystemsinchardwaremanagerdriver_7C79 : FILE { meta: description = 
"Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - RadHwMgr.sys" author = "Florian Roth" id = "6d37a9e4-e1b3-5e4a-bc33-1621c32b82dc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6802-L6821" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6888-L6907" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7c79e5196c2f51d2ab16e40b9d5725a8bf6ae0aaa70b02377aedc0f4e93ca37f" logic_hash = "1e60cfe82a13e311e8dc98cb4da82f0f1aecc606aaa5c57cda445228e78acd6b" score = 40 
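Review bot: the new rule LOLDRIVERS_PUA_VULN_Driver_Lowleveldriver_16F8 keys only on generic VersionInfo boilerplate, so its false-positive exposure should be called out or narrowed before merge. Its description names throttlestop.sys, but none of the five strings carries that file name, an OriginalFilename/InternalName, or a vendor: FileDescription and ProductName are both "Low-Level Driver", FileVersion and ProductVersion are "3.0.0.0", and LegalCopyright is "Copyright 2004-2020 (c). All rights reserved.", so `filesize < 100KB and all of them` can match any small driver that shares this resource block, not just the sample behind the single listed hash. Suggest adding a more specific VersionInfo string from the sample if one exists, or documenting the limitation in `description` and reflecting it in `quality = 80`, which is currently on par with sibling rules that match on a named driver file. The same `date` rewrite noted on the first hunk also applies to the Radiantsystemsinc rule at the tail of this hunk.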
@@ -221014,11 +221422,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Dtresearchinc_Iomemsys_Iomemsys_DD4A : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iomem64.sys" author = "Florian Roth" id = "65abda74-40d3-57c2-ade1-463b3e1ad1ef" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6824-L6843" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6910-L6929" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "dd4a1253d47de14ef83f1bc8b40816a86ccf90d1e624c5adf9203ae9d51d4097" logic_hash = "f04d75e5ff735d30d5bb3959722a5162b1ab7ce4db8d05a2007f98fc901b2179" score = 40 
@@ -221044,11 +221452,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Pchuntersys_Pchunter_1B7F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - PCHunter.sys" author = "Florian Roth" id = "229e07ae-2358-5b7e-843d-a0038c57dcd0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6846-L6865" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6932-L6951" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1b7fb154a7b7903a3c81f12f4b094f24a3c60a6a8cffca894c67c264ab7545fa" logic_hash = "54232c91f0f6d119ece865269eec9d5ea885c8dd0119a0eecd889a405af828a0" score = 40 
@@ -221074,11 +221482,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_6500 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "87ed66d7-4903-5334-9bdb-90ba882c3e98" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6868-L6887" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6954-L6973" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "65008817eb97635826a8708a6411d7b50f762bab81304e457119d669382944c3" logic_hash = "a3a2b21c9a58fee77857f3074fe6b69506eecb2627d93f1ea3a51c4cccdd2bab" score = 40 
@@ -221104,11 +221512,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_0FC3 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "df483112-63ae-51a2-9ebe-795c8ede056f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6890-L6910" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6976-L6996" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0fc3bc6e81b04dcaa349f59f04d6c85c55a2fea5db8fa0ba53d3096a040ce5a7" hash = "40eef1f52c7b81750cee2b74b5d2f4155d4e58bdde5e18ea612ab09ed0864554" logic_hash = "56d3b62717fae240ed7c6becfd6523962bb536fe4f7746e7c80f97851fe30501" 
@@ -221135,11 +221543,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Netfiltersys_EDC6 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - netfilter2.sys" author = "Florian Roth" id = "382202e4-66c5-574b-a16f-1ce4f6e10f24" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6913-L6934" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L6999-L7020" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "edc6e32e3545f859e5b49ece1cabd13623122c1f03a2f7454a61034b3ff577ed" hash = "79e7165e626c7bde546cd1bea4b9ec206de8bed7821479856bdb0a2adc3e3617" hash = "18b923b169b2c3c7db5cbfda0db0999f04adb2cf6c917e5b1fb2ff04714ecac1" 
@@ -221167,11 +221575,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_E428 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "3a87403b-9df1-566b-af2d-e22732584b63" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6937-L6953" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7023-L7039" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e428ddf9afc9b2d11e2271f0a67a2d6638b860c2c12d4b8cc63d33f3349ee93f" logic_hash = "8bd47884d13cfc03ececb849688a1c843c4de684a6d32923493f9d0af3d33b7b" score = 40 
@@ -221194,11 +221602,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrserverddkprovider_Cpuzsys_Windowsrserver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz.sys" author = "Florian Roth" id = "5eede083-38a6-50f5-b31e-a4880d4b4304" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6956-L6975" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7042-L7061" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "be683cd38e64280567c59f7dc0a45570abcb8a75f1d894853bbbd25675b4adf7" logic_hash = "6fc3676bace692d3c83f0ccebe39be7d9dec3965935a8cf8971594fd6c206b90" score = 40 
@@ -221224,11 +221632,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_0909 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "e1be6d99-bee6-5208-976b-04a2fde0602b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L6978-L6997" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7064-L7083" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0909005d625866ef8ccd8ae8af5745a469f4f70561b644d6e38b80bccb53eb06" logic_hash = "f224ce42de29a91805c38c230c5b311878339c20d18bcd482b5738f246b12cbc" score = 40 
@@ -221254,11 +221662,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "0f9615f9-4cb9-5be7-bc88-4965e143da3e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7000-L7020" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7086-L7106" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3cb111fdedc32f2f253aacde4372b710035c8652eb3586553652477a521c9284" hash = "9bfd24947052bfe9f2979113a7941e40bd7e3a82eaa081a32ad4064159f07c91" logic_hash = "cb6f7a26f4564d7a60a8dee25f5018fd4f3b4decfef6dfdb0d0b2f1df982adf7" 
@@ -221285,11 +221693,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Watchdogdevelopmentcomllc_Wsdkdsys_Wsdkd_6278 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - wsdkd.sys" author = "Florian Roth" id = "4beb5c5a-5bdf-513e-9d43-00c30289eddb" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7023-L7042" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7109-L7128" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6278bc785113831b2ec3368e2c9c9e89e8aca49085a59d8d38dac651471d6440" logic_hash = "3df6c8424981c50e765d8730f702b2a541b4e7312eea2ae27518d0958531f3e0" score = 40 
@@ -221315,11 +221723,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Huawei_Hwosec_Huaweimatebook_B179 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HwOs2Ec7x64.sys" author = "Florian Roth" id = "7fdaa5bb-7874-51cc-90a0-d718b5ad7ac8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7045-L7065" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7131-L7151" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b179e1ab6dc0b1aee783adbcad4ad6bb75a8a64cb798f30c0dd2ee8aaf43e6de" hash = "bb1135b51acca8348d285dc5461d10e8f57260e7d0c8cc4a092734d53fc40cbc" logic_hash = "6c35f9cdd6d48a5804a95bbfd15564e1b9d145b121a72df7fe345ede0c2eed26" 
@@ -221346,11 +221754,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Hpinc_Hpportioxsys_Hpportio_A468 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HpPortIox64.sys" author = "Florian Roth" id = "ee20509d-fdf5-5c5a-8f49-5392c6f015ad" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7068-L7086" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7154-L7172" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a4680fabf606d6580893434e81c130ff7ec9467a15e6534692443465f264d3c9" logic_hash = "a1e7828c2e39afe4279e6c9b5d34263478919336ed6b7d01bb45b1fdb2032878" score = 40 
@@ -221375,11 +221783,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_7661 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "cf60dd6e-f13e-5498-b3e1-b28c4b469f10" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7089-L7105" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7175-L7191" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "76614f2e372f33100a8d92bf372cdbc1e183930ca747eed0b0cf2501293b990a" logic_hash = "8428303996166eb968534f192a1e15cc374ed412b8915b41a323fcf6d8bd238c" score = 40 
@@ -221402,11 +221810,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gigabytesoftware description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - gdrv.sys" author = "Florian Roth" id = "158dd78f-3665-59d6-8528-f4489791d55e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7108-L7127" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7194-L7213" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8b92cdb91a2e2fab3881d54f5862e723826b759749f837a11c9e9d85d52095a2" logic_hash = "565bd93231c1cffbb52efc9fedae7c41593ba93a2540dadf199806793359f67d" score = 40 
@@ -221432,11 +221840,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_881B : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - SANDRA.sys" author = "Florian Roth" id = "926f0aef-ede3-554e-874d-7b617efbf2bd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7130-L7149" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7216-L7235" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "881bca6dc2dafe1ae18aeb59216af939a3ac37248c13ed42ad0e1048a3855461" logic_hash = "0d1427a94c21e7055a8d3d1e23e0ee3c513030530c15778eed40283979dba6f9" score = 40 
@@ -221462,11 +221870,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_5192 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "63cc2959-9cfa-575d-894f-fbb63349a4e7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7152-L7171" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7238-L7257" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5192ec4501d0fe0b1c8f7bf9b778f7524a7a70a26bbbb66e5dab8480f6fdbb8b" logic_hash = "39194a4e7085e17fef079075949360155d6ce279e3bc1a92f1b3a12b70e7f15c" score = 40 
@@ -221492,11 +221900,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Terabyteinc_Tboflhelper_AA20 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - tboflhelper.sys" author = "Florian Roth" id = "2c2707de-4fd3-5f25-8c83-8e64ed799840" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7174-L7191" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7260-L7277" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "aa20aa2316cd6d203146bd2bc5b7466ba7b83a8500654a688172bcafa82ab168" logic_hash = "0d5e105cc22ef07fb2ab2a7ee7d3f24cc7cb45595ab20929b23c1f25d61d0f6f" score = 40 
@@ -221520,11 +221928,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Radiantsystemsinc_Radhwmgrsys_Radiantsystemsinch description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - RadHwMgr.sys" author = "Florian Roth" id = "17bc5473-e539-503d-8805-957c4384a0d7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7194-L7214" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7280-L7300" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0f30ecd4faec147a2335a4fc031c8a1ac9310c35339ebeb651eb1429421951a0" hash = "903d6d71da64566b1d9c32d4fb1a1491e9f91006ad2281bb91d4f1ee9567ef7b" logic_hash = "09782a4b713c385896e9793c7fe4771ad00b8736e44c2639f94239751cf17222" 
@@ -221551,11 +221959,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Insydesoftware_Insydeflash_Insydeflashutilitybit description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iscflashx64.sys" author = "Florian Roth" id = "76578c75-a19c-54b1-b956-c26b8fe6e4ad" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7217-L7236" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7303-L7322" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ce0a4430d090ba2f1b46abeaae0cb5fd176ac39a236888fa363bf6f9fd6036d9" logic_hash = "ba20c0a151a7e6ef4c2e70426cf4132d9c30f40b6a91e4402e20d15201b6c56e" score = 40 
@@ -221581,11 +221989,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_80A5 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "80e3827b-44e7-5b59-a7db-c7daf0e38664" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7239-L7258" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7325-L7344" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "80a59ca71fc20961ccafc0686051e86ae4afbbd4578cb26ad4570b9207651085" logic_hash = "f736ac96f1efde446400aaa49fba7cc84a0a10b3425561f67811da86dbee14a8" score = 40 
@@ -221611,11 +222019,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Microfocus_Microfocusxtier_5351 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nscm.sys" author = "Florian Roth" id = "e2d580c9-79e6-53f1-ab4a-77e2715b6f91" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7261-L7279" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7347-L7365" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5351c81b4ec5a0d79c39d24bac7600d10eac30c13546fde43d23636b3f421e7c" logic_hash = "efbf3fd36c3ca5c2b95796cdaefb175ad1957866649e73366a1d6810cbcb5e81" score = 40 
@@ -221640,11 +222048,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxdrvsys_Sunvirtualbox_R_78 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - vboxdrv.sys" author = "Florian Roth" id = "c367a41e-58e4-59cd-a3f4-dfcd001e7040" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7282-L7302" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7368-L7388" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "78827fa00ea48d96ac9af8d1c1e317d02ce11793e7f7f6e4c7aac7b5d7dd490f" hash = "c26b51b4c37330800cff8519252e110116c3aaade94ceb9894ec5bfb1b8f9924" logic_hash = "5e95853e7a2013132a6565b5908475e6369a56ff6c58f0e10c875b72b15b2523" 
@@ -221671,11 +222079,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Corsairmemoryinc_Corsairllaccess_Corsairllaccess description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - CorsairLLAccess64.sys" author = "Florian Roth" id = "95bb049c-cef2-5235-8e3d-ebe9591b7e27" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7305-L7325" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7391-L7411" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5fad3775feb8b6f6dcbd1642ae6b6a565ff7b64eadfc9bf9777918b51696ab36" hash = "29a90ae1dcee66335ece4287a06482716530509912be863c85a2a03a6450a5b6" logic_hash = "5dc9ec007f318b16034b43248be9807c024780aa58eb714982130656e7f2b6a6" 
@@ -221702,11 +222110,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_16E2 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rzpnk.sys" author = "Florian Roth" id = "8c1ee58c-e03e-55dd-a1ff-bc03594778ae" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7328-L7348" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7414-L7434" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "16e2b071991b470a76dff4b6312d3c7e2133ad9ac4b6a62dda4e32281952fb23" hash = "0c925468c3376458d0e1ec65e097bd1a81a03901035c0195e8f6ef904ef3f901" logic_hash = "162cf712c505520635388ec61c69165a2fff8704c7edef58c63cc8cbcc624e0d" 
@@ -221733,11 +222141,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "3efdeeef-8fe7-57a7-9424-505b46fb75e4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7351-L7371" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7437-L7457" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "060d25126e45309414b380ee29f900840b689eae4217a8e621563f130c1d457f" hash = "b8321471be85dc8a67ac18a2460cab50e7c41cb47252f9a7278b1e69d6970f25" logic_hash = "f7a87edc0403a7b8273256805bb8c7aadadde8143db84be9b3968ef67cf3c1c4" 
@@ -221764,11 +222172,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ludashicom_Computerzsys_7553 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "9880d118-943b-5532-8e6a-22f0a9d9b255" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7374-L7394" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7460-L7480" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7553c76b006bd2c75af4e4ee00a02279d3f1f5d691e7dbdc955eac46fd3614c3" hash = "64dddd5ac53fe2c9de2b317c09034d1bccaf21d6c03ccfde3518e5aa3623dd66" logic_hash = "e60b387fe83bffdd1411f3b8fb491f0b60ff0de3eac87c9c5ee8c55ca6c48afc" 
@@ -221795,11 +222203,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Overclockingtool_Atillksys_Overclockingtool_11A9 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - atillk64.sys" author = "Florian Roth" id = "9b7e6787-abbf-5bfb-a833-a0b078566ed7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7397-L7417" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7483-L7503" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "11a9787831ac4f0657aeb5e7019c23acc39d8833faf28f85bd10d7590ea4cc5f" hash = "d2182b6ef3255c7c1a69223cd3c2d68eb8ba3112ce433cd49cd803dc76412d4b" logic_hash = "07b8fb1b1b86b58a6fb7f18f3b1b70eee5826fa5c629a8cef1b97afbae7ea7c3" 
@@ -221826,11 +222234,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_2A62 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys" author = "Florian Roth" id = "7c67b2a6-a2da-56ce-8ed4-017838ea7673" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7420-L7439" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7506-L7525" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2a6212f3b68a6f263e96420b3607b31cfdfe51afff516f3c87d27bf8a89721e8" logic_hash = "5fae0a4ba7d11e3714baab3417a1bdd9fff6275fa9347c0389d8627374533bbf" score = 40 
@@ -221856,11 +222264,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_AAA3 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "9b0770d3-d004-552f-be65-6dcc14f06cc7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7442-L7461" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7528-L7547" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "aaa3459bcac25423f78ed72dbae4d7ef19e7c5c65770cbe5210b14e33cd1816c" logic_hash = "bb87661658fa874985bbe1050c19eb8ea9136ec62c224d53cd4920866e6a6b1f" score = 40 
@@ -221886,11 +222294,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswvmmsys_Avastantivirus_3650 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswVmm.sys" author = "Florian Roth" id = "1b3abcb0-5317-58f0-bb7a-6bc1996483fa" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7464-L7483" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7550-L7569" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "36505921af5a09175395ebaea29c72b2a69a3a9204384a767a5be8a721f31b10" logic_hash = "afe8e12664ee9061c2b2ecdcaaef0c38ece604d050e31b46208f9a22545042ca" score = 40 
@@ -221916,11 +222324,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gdrv_FF67 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - gdrv.sys" author = "Florian Roth" id = "b5062d65-a4bc-5d0e-9883-7c1fa54138e8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7486-L7505" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7572-L7591" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ff6729518a380bf57f1bc6f1ec0aa7f3012e1618b8d9b0f31a61d299ee2b4339" logic_hash = "18c40b7312d0b65d83287e452e8b9429eaed36245d17ef1b82ec04a968303a39" score = 40 
@@ -221946,11 +222354,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "d5bbf94d-394a-599e-93f3-6f9d79cca02f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7508-L7527" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7594-L7613" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "440883cd9d6a76db5e53517d0ec7fe13d5a50d2f6a7f91ecfc863bc3490e4f5c" logic_hash = "b038dcb0a536e16d71035d11537757f529589a435616abacd94aadd5663c2a17" score = 40 
@@ -221976,11 +222384,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Rivetnetworksllc_Kfecodrvsys_Killertrafficcontro description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - KfeCo10X64.sys" author = "Florian Roth" id = "eff26fc8-a458-5c15-8a0b-86773f8f6289" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7530-L7549" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7616-L7635" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b583414fcee280128788f7b39451c511376fe821f455d4f3702795e96d560704" logic_hash = "d4f37a4c7014694cfcf57c11ee9d41edec1b6fa77a564341663c3411764dbcda" score = 40 
@@ -222006,11 +222414,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "1ffe9a5e-5cdc-5db4-8247-e9726ee15428" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7552-L7571" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7638-L7657" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3d008e636e74c846fe7c00f90089ff725561cb3d49ce3253f2bbfbc939bbfcb2" logic_hash = "d52c104de520b575b404d320a8ec762a146da8cc0567b5f30dc8594b7a1742ef" score = 40 
@@ -222036,11 +222444,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_ED2F : F description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "288ce092-a3f2-57d0-9d28-a0c4b6faa52f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7574-L7593" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7660-L7679" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ed2f33452ec32830ffef2d5dc832985db9600c306ed890c47f3f33ccbb335c39" logic_hash = "1da8ef4d1877ba9d2c31d994735f6395367de990be6c875c0cba37654ee39ad3" score = 40 
@@ -222066,11 +222474,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibxsys_Ntiolib_09BE : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "30b7487c-d5b7-52b1-a209-f6eb01f0f406" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7596-L7615" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7682-L7701" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "09bedbf7a41e0f8dabe4f41d331db58373ce15b2e9204540873a1884f38bdde1" logic_hash = "23f5a77bae75d686a980e65dd6efe4ad216a60d75631fed169a83cc88d64675e" score = 40 
@@ -222096,11 +222504,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_A802 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "9cb0be23-e1d9-5698-bde2-81a870f81f83" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7618-L7637" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7704-L7723" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a8027daa6facf1ff81405daf6763249e9acf232a1a191b6bf106711630e6188e" logic_hash = "8ef06932883bbd5ad62bd5d975fb341277a83271f7a21fc77cdebc6b9f4a05a6" score = 40 
@@ -222126,11 +222534,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "0328757c-e561-567c-b7ad-7e6bcba19bb5" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7640-L7659" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7726-L7745" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0f016c80c4938fbcd47a47409969b3925f54292eba2ce01a8e45222ce8615eb8" logic_hash = "014039b9b1b4ea903b4c014ca3d3ff946b1b0f4759d8d78c1fcf825d11318e42" score = 40 
@@ -222156,11 +222564,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxdrvsys_Sunvirtualbox_R_75 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxDrv.sys" author = "Florian Roth" id = "5ccaf486-04c4-5066-b307-e76b6e484d01" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7662-L7681" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7748-L7767" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7539157df91923d4575f7f57c8eb8b0fd87f064c919c1db85e73eebb2910b60c" logic_hash = "dd40b144e403136b4359106d2efeb24335b83ffc13a62fdce7c9bd602dc45506" score = 40 
@@ -222186,11 +222594,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Interfacecorporation_Cpxcsys_Gpcxc_1183 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - CP2X72C.SYS" author = "Florian Roth" id = "cd8eccb8-d106-514c-8b92-7d5016d9a182" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7684-L7703" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7770-L7789" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "11832c345e9898c4f74d3bf8f126cf84b4b1a66ad36135e15d103dbf2ac17359" logic_hash = "5842fcb278bb2b659760677fea80cbb110347e495e9f1a39fc901f0927753b88" score = 40 
@@ -222216,11 +222624,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_478D : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "13ee4d76-b778-593e-85e6-8402d01352e8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7706-L7725" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7792-L7811" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "478d855b648ef4501d3b08b3b10e94076ac67546b0ce86b454324f1bf9a78aa0" logic_hash = "29a09ee10d391b3183052255622f7b96a0e2bf649acc30e10d57e1cb3b17b84f" score = 40 
@@ -222246,11 +222654,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Activeclean_A903 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "3142d323-869f-5e25-b860-da2c34f659ce" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7728-L7747" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7814-L7833" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a903f329b70f0078197cb7683aae1bb432eaf58572fe572f7cb4bc2080042d7e" logic_hash = "b79d850df65fa7a96642e4a1da2240e001c87d44d64c621c756face489c0eb6b" score = 40 
@@ -222276,11 +222684,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "ce58b5cb-437a-56b2-8ccb-9399ce2ef6c3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7750-L7770" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7836-L7856" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3ff39728f1c11d1108f65ec5eb3d722fd1a1279c530d79712e0d32b34880baaa" hash = "86721ee8161096348ed3dbe1ccbf933ae004c315b1691745a8af4a0df9fed675" logic_hash = "3035342ffaf651efc8de23d2da68540ee7d89b2bf2b5c2925094e7fe2a3f7c28" 
@@ -222307,11 +222715,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_1B17 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "f9c35fdf-7048-53b3-bff2-b30f283eadc6" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7773-L7792" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7859-L7878" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1b17d12076d047e74d15e6e51e10497ad49419bec7fbe93386c57d3efbaadc0b" logic_hash = "cd8e28cc91da2da748b449b175c24f7271019fa6e9b475b8689183eb1866c59a" score = 40 
@@ -222337,11 +222745,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_6CF1 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - libnicm.sys" author = "Florian Roth" id = "4226b41f-4828-558b-b990-fd63dbc5b2e3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7795-L7813" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7881-L7899" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6cf1cac0e97d30bb445b710fd8513879678a8b07be95d309cbf29e9b328ff259" logic_hash = "60fcd09b5ad2beef9a28c78590e6a935b5a2818db45175960527285a4a765ea5" score = 40 
@@ -222360,17 +222768,48 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_6CF1 : FILE condition: uint16( 0 ) == 0x5a4d and filesize < 100KB and all of them } +rule LOLDRIVERS_PUA_VULN_Driver_Paloaltonetworksinc_Cyvrlpcsys_Cortexxdradvancedendpointprotection_05F8 : FILE +{ + meta: + description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cyvrlpc.sys" + author = "Florian Roth" + id = "8fbbf1cf-1b23-55f6-b8fd-8708dbcce9c3" + date = "2025-09-18" + modified = "2025-09-18" + reference = "https://github.com/magicsword-io/LOLDrivers" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7902-L7922" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" + hash = "05f8f514d1367aca856564af5443a75f47d22a30ce63f0b024a41e6b9553a527" + hash = "2cd7a0c4e8d24404c92e4ed8539b2136028a8ca663f3432e417b00665493e13f" + logic_hash = "872be697fe5418805ab41d0c6cf63835bd082affeb0b8e4676aa0567c97e60a6" + score = 40 + quality = 80 + tags = "FILE" + + strings: + $ = { 00460069006c0065004400650073006300720069007000740069006f006e[1-8]0043006f007200740065007800200058004400520020004c005000430020004400720069007600650072 } + $ = { 0043006f006d00700061006e0079004e0061006d0065[1-8]00500061006c006f00200041006c0074006f0020004e006500740077006f0072006b0073002c00200049006e0063002e } + $ = { 00460069006c006500560065007200730069006f006e[1-8]0038002e0032002e0032002e00340039003700300038 } + $ = { 00500072006f006400750063007400560065007200730069006f006e[1-8]0038002e0032002e0032002e00340039003700300038 } + $ = { 0049006e007400650072006e0061006c004e0061006d0065[1-8]0063007900760072006c00700063002e007300790073 } + $ = { 
00500072006f0064007500630074004e0061006d0065[1-8]0043006f00720074006500780020005800440052212200200041006400760061006e00630065006400200045006e00640070006f0069006e0074002000500072006f00740065006300740069006f006e } + $ = { 004f0072006900670069006e0061006c00460069006c0065006e0061006d0065[1-8]0063007900760072006c00700063002e007300790073 } + $ = { 004c006500670061006c0043006f0070007900720069006700680074[1-8]00a9002000500061006c006f00200041006c0074006f0020004e006500740077006f0072006b0073002c00200049006e0063002e00200041006c006c0020007200690067006800740073002000720065007300650072007600650064 } + + condition: + uint16( 0 ) == 0x5a4d and filesize < 2200KB and all of them +} rule LOLDRIVERS_PUA_VULN_Driver_Tenasyscorporation_Rtifsys_Intime_EAE5 : FILE { meta: description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtif.sys" author = "Florian Roth" id = "bd54bf19-8af7-5afb-b861-e1ecb145ca1a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7816-L7835" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7925-L7944" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "eae5c993b250dcc5fee01deeb30045b0e5ee7cf9306ef6edd8c58e4dc743a8ed" logic_hash = "ea0bb86a2cc5f3349678d9a698e14301207ba1bf6c19f9caf91abd72e7794a8c" score = 40 
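Review bot: the new rule LOLDRIVERS_PUA_VULN_Driver_Paloaltonetworksinc_Cyvrlpcsys_Cortexxdradvancedendpointprotection_05F8 uses only anonymous `$ = { ... }` strings with `all of them`, which is logically correct but means a hit reports no string identifier, so triage cannot tell which VersionInfo field matched; consider naming them after the field they encode (e.g. `$filedescription`, `$companyname`). The `filesize < 2200KB` cap is far wider than the `filesize < 100KB` cap visible in the preceding libnicm rule's condition; worth confirming it reflects the sizes of the two listed hashes rather than a generator default. The `id`, `date`/`modified` and pinned `source_url` for L7902-L7922 otherwise follow the same convention as the rest of the file.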
@@ -222396,11 +222835,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "a101f69b-ca19-5aeb-a168-1a10dbd6ec12" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7838-L7857" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7947-L7966" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "bdbceca41e576841cad2f2b38ee6dbf92fd77fbbfdfe6ecf99f0623d44ef182c" logic_hash = "c4310d622e5861f4c63d9e9c39ee94acbfb35d24a91f50158f1d695d1f0cf254" score = 40 
@@ -222426,11 +222865,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Databaseharborsoftware_Sysinfodetectorxsys_Sysin description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - SysInfoDetectorX64.sys" author = "Florian Roth" id = "5d65c0b6-176b-5c11-996d-2caae24c95af" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7860-L7879" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7969-L7988" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "45e5977b8d5baec776eb2e62a84981a8e46f6ce17947c9a76fa1f955dc547271" logic_hash = "3c67bbee00427b7f8ed689a5ff83641bad2b62dc685b5155ea81f6dbba4377b0" score = 40 
@@ -222456,11 +222895,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_7048 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "adc55873-9711-5304-97d4-037174c036ff" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7882-L7903" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L7991-L8012" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7048d90ed4c83ad52eb9c677f615627b32815066e34230c3b407ebb01279bae6" hash = "d80714d87529bb0bc7abcc12d768c43a697fbca59741c38fa0b46900da4db30e" hash = "fed0fe2489ae807913be33827b3b11359652a127e33b64464cc570c05abd0d17" 
@@ -222488,11 +222927,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Arthurliberman_Alsysiosys_Alsysio_7A20 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ALSysIO64.sys" author = "Florian Roth" id = "8f0aeecd-13dd-5e6a-a248-a2eb6a565062" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7906-L7925" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8015-L8034" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7a20ca8f9361eb892257b3693095ffeee61457dc4e22d9b119e3a9f3a1507069" logic_hash = "72cf62e8ae925e57d52527b4be380d317ee49b5bb3b1629d00182da9a2b4c5cb" score = 40 
@@ -222518,11 +222957,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_7837 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "47963173-d9a8-5a16-9959-d99e6e8920f3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7928-L7947" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8037-L8056" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7837cb350338c4958968d06b105466da6518f5bb522a6e70e87c0cad85128408" logic_hash = "0d0e3e2675e5d6b11369a388a6e7a947e603db2562aefb802c977728419bb667" score = 40 
@@ -222548,11 +222987,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmelsys_Trendmicroearlylaunchantim description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Tmel.sys" author = "Florian Roth" id = "03f8b653-0ecc-5161-935e-5f670fd54bb1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7950-L7969" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8059-L8078" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e505569892551b2ba79d8792badff0a41faea033e8d8f85c3afea33463c70bd9" logic_hash = "7645c180f10ba31e259cdfa4904c16941ce777412416527c95fa9592ed76da8c" score = 40 
@@ -222578,11 +223017,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ncrcorporation_Radhwmgrsys_Ncrcorporationhardwar description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - RadHwMgr.sys" author = "Florian Roth" id = "e5a0a70b-13ea-584f-a7f8-387ca23b9ecd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7972-L7991" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8081-L8100" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "df96d844b967d404e58a12fc57487abc24cd3bd1f8417acfe1ce1ee4a0b0b858" logic_hash = "2194da0b4589893a0884b9a8c0ed5a556b008152b9c03613074892001406fc21" score = 40 
@@ -222608,11 +223047,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "9e448b85-4455-5a80-9147-e6c83b1427aa" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L7994-L8013" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8103-L8122" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0b2ad05939b0aabbdc011082fad7960baa0c459ec16a2b29f37c1fa31795a46d" logic_hash = "e4e6178a894262ed52bd5ee6e0879f54d4cb81ec467f065f0b00d34ac55064b0" score = 40 
@@ -222638,11 +223077,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tenasyscorporation_Rtifsys_Intime_BA40 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtif.sys" author = "Florian Roth" id = "a932bccb-6c13-5d78-afab-ecca0d072815" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8016-L8035" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8125-L8144" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ba40b1fc798c2f78165e78997b4baf3d99858ee39a372ca6fbc303057793e50d" logic_hash = "ea4d6b524d8e4229b090890145a02617482c38ae077d5fd9a7fd46fa6e917b1a" score = 40 
@@ -222668,11 +223107,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_828A : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "0ff55ef5-4de8-53e9-b10e-2c3eda501fa7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8038-L8057" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8147-L8166" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "828a18b16418c021b6c4aa8c6d54cef4e815efca0d48b9ff14822f9ccb69dff2" logic_hash = "e5eb524d77c082acac68ea7b24bf10e445dd1afc9be97333980d8a8d580a6e98" score = 40 
@@ -222698,11 +223137,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxusbmonsys_Virtualboxusbmo description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxUSBMon.sys" author = "Florian Roth" id = "f1c042e9-1bbe-5a21-9a46-519c93cb7b2c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8060-L8079" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8169-L8188" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8a2482e19040d591c7cec5dfc35865596ce0154350b5c4e1c9eecc86e7752145" logic_hash = "bf3569ba1652fc95c0752a4bf58586ecbe41db63d58ff6326cbd7ef6c2d5b65f" score = 40 
@@ -222728,11 +223167,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Copyright_Advancedmalwareprotection_6F55 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - amsdk.sys" author = "Florian Roth" id = "6eb82ac7-9544-5554-b7af-557dd843d29d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8082-L8100" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8191-L8209" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6f55c148bb27c14408cf0f16f344abcd63539174ac855e510a42d78cfaec451c" logic_hash = "4b5b303a3311ec88e1ebad890eb08fe3af13b3c6fdd7cf88421a9f7590661832" score = 40 
@@ -222757,11 +223196,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_0DC4 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "80f3a10e-1943-522d-a881-4e67bc908de3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8103-L8122" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8212-L8231" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0dc4ff96d7e7db696e0391c5a1dda92a0b0aedbf1b0535bf5d62ebeec5b2311c" logic_hash = "291aa7d4bd435f112fb6678d8b495d38df94b7a6256d71ac39dd055ab3c94719" score = 40 
@@ -222787,11 +223226,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tenasyscorporation_Rtifsys_Intime_3670 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtif.sys" author = "Florian Roth" id = "0756f1e4-4cc4-5161-8792-c8b7cfe11965" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8125-L8145" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8234-L8254" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3670ccd9515d529bb31751fcd613066348057741adeaf0bffd1b9a54eb8baa76" hash = "0d133ced666c798ea63b6d8026ec507d429e834daa7c74e4e091e462e5815180" logic_hash = "3ca3c8fe11a696ad5eaf4b806c277a903a665b3c16a5c8a86dbf8468a71ad9ee" 
@@ -222818,11 +223257,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_EEA5 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "2942b5b0-7270-5b7a-98f7-beee11e7aa57" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8148-L8167" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8257-L8276" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "eea53103e7a5a55dc1df79797395a2a3e96123ebd71cdd2db4b1be80e7b3f02b" logic_hash = "47bcbc01fc9d12d72613093da34efd44b9d45af700a83450e36aed9fa972ae9b" score = 40 
@@ -222848,11 +223287,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_9CA5 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "41660c6a-2c4c-5362-94cc-f701eb939870" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8170-L8189" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8279-L8298" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9ca586b49135166eea00c6f83329a2d134152e0e9423822a51c13394265b6340" logic_hash = "a666e2b5c53129dc1f82a945d828bb84fc31e54c1c69cc6666222e4b9a45ea39" score = 40 
@@ -222878,11 +223317,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_4E54 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "d6f57b92-e6fe-5723-9fbf-ee7ccc3aa5a2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8192-L8211" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8301-L8320" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4e54e98df13110aac41f3207e400cce2a00df29ce18c32186e536c1de25a75ce" logic_hash = "81a80cb4cdeb79ba7b32cb981c4f6d986fc465a78566aded7d7bf3f06e3e027f" score = 40 
@@ -222908,11 +223347,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_2D2C : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iQVW64.SYS" author = "Florian Roth" id = "f2aefc0c-b851-5341-acee-20d02c838548" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8214-L8233" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8323-L8342" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2d2c7ee9547738a8a676ab785c151e8b48ed40fe7cf6174650814c7f5f58513b" logic_hash = "991c554b098cc048d925ab989b0ca3950b07fd13e75ddcc0e8d8f4e24f6e58a6" score = 40 
@@ -222938,11 +223377,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_F4EE : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sfdrvx64.sys" author = "Florian Roth" id = "efacff94-b2cd-55b8-94ef-076b29aba00d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8236-L8255" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8345-L8364" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f4ee803eefdb4eaeedb3024c3516f1f9a202c77f4870d6b74356bbde32b3b560" logic_hash = "7ad25b1c03c5f7aff57f6ae40fae6232a0649d643a4ccd6ed1eee886bfad7f68" score = 40 
@@ -222968,11 +223407,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_5CFA : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "a563b3de-1a05-55bf-ae93-03e84ef1cb26" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8258-L8277" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8367-L8386" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5cfad3d473961763306d72c12bd5ae14183a1a5778325c9acacca764b79ca185" logic_hash = "772f33e1190458ffbe4f6636fc775fea47d4ab242cecc5a77d00ee34de4ecf86" score = 40 
@@ -222998,11 +223437,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Computerzsys_Ludashisystemdriver_898E : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "fc239233-68cc-5e0c-94b3-fa78f95998b1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8280-L8300" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8389-L8409" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "898e07cf276ec2090b3e7ca7c192cc0fa10d6f13d989ef1cb5826ca9ce25b289" hash = "07d0090c76155318e78a676e2f8af1500c20aaa1e84f047c674d5f990f5a09c8" logic_hash = "8895375f8ce3efa2fec38f6b42d4401b64d5dbde4c1bd9eead31ecb442f72588" 
@@ -223029,11 +223468,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "9a6e76da-aff1-5944-a5ce-a056f3f013c4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8303-L8323" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8412-L8432" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "afda5af5f210336061bff0fab0ed93ee495312bed639ec5db56fbac0ea8247d3" hash = "b2364c3cf230648dad30952701aef90acfc9891541c7e154e30c9750da213ed1" logic_hash = "c969121df4f2e873fbff32b00484550a8a80e4fcc0cd093a2c93c566c249977a" 
@@ -223060,11 +223499,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Interfacecorporation_Cpxcsys_Gpcxcdiobmpcicpci_6 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - CP2X72C.SYS" author = "Florian Roth" id = "b6d09923-9ea3-56a0-9692-ee2cf00545e7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8326-L8346" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8435-L8455" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "63865f04c1150655817ed4c9f56ad9f637d41ebd2965b6127fc7c02757a7800e" hash = "9c8ed1506b3e35f5eea6ac539e286d46ef76ddbfdfc5406390fd2157c762ce91" logic_hash = "ceae34b4cd1698fc1d779b5860437b1017401c8f954d74804fcdbb13a5603186" 
@@ -223091,11 +223530,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrddkprovider_Rtportsys_Windowsrddkdriver_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtport.sys" author = "Florian Roth" id = "054d4045-5d8d-5bd9-aaba-3a0cbef517af" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8349-L8370" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8458-L8479" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c490d6c0844f59fdb4aa850a06e283fbf5e5b6ac20ff42ead03d549d8ae1c01b" hash = "a29093d4d708185ba8be35709113fb42e402bbfbf2960d3e00fd7c759ef0b94e" hash = "e3dbafce5ad2bf17446d0f853aeedf58cc25aa1080ab97e22375a1022d6acb16" 
@@ -223123,11 +223562,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Arthurliberman_Alsysiosys_Alsysio_119C : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ALSysIO64.sys" author = "Florian Roth" id = "abb75d3f-eeb2-5ae7-976a-3f9e8627d6ca" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8373-L8392" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8482-L8501" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "119c48b79735fda0ecd973d77d9bdc6b329960caed09b38ab454236ca039d280" logic_hash = "1ff636a8954a5f049c582d8436111ffe5a4e89e3f38870c9c8ac9706f0b1acd2" score = 40 
@@ -223153,11 +223592,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_263E : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys" author = "Florian Roth" id = "2ff1ee8e-cd67-58e7-b301-e1f7712b6031" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8395-L8414" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8504-L8523" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "263e8f1e20612849aea95272da85773f577fd962a7a6d525b53f43407aa7ad24" logic_hash = "c4a5f4e6908dcf3280adcebb9d8c58fb58be06267b524cb37f15d99091eb4a98" score = 40 
@@ -223183,11 +223622,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_88FB : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sfdrvx64.sys" author = "Florian Roth" id = "b97c6cc0-76f2-56a2-9725-672ac9f6aa9b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8417-L8436" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8526-L8545" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "88fb0a846f52c3b680c695cd349bf56151a53a75a07b8b0b4fe026ab8aa0a9af" logic_hash = "9c38d3552116177e73a66e56d3f53f8f50ed698a8747cbc59ccbee3cfec0db0d" score = 40 
@@ -223213,11 +223652,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_E839 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "8a7a82a3-f24e-5887-9d95-a997179616d9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8439-L8458" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8548-L8567" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e83908eba2501a00ef9e74e7d1c8b4ff1279f1cd6051707fd51824f87e4378fa" logic_hash = "452a3eeb969ca2a3145b1f525401490911aeec23b29e88395f33dddb693417d0" score = 40 
@@ -223243,11 +223682,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Hilschergesellschaftfrsystemaoutomationmbh_Physm description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - physmem.sys" author = "Florian Roth" id = "1759efbf-dabf-5790-a624-9e344884f98c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8461-L8480" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8570-L8589" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c299063e3eae8ddc15839767e83b9808fd43418dc5a1af7e4f44b97ba53fbd3d" logic_hash = "64d1a7c9772d6a627bd2cec5c466a2627fa28d4a640ebe7fac5b948a02f1ff2a" score = 40 
@@ -223273,11 +223712,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tenasyscorporation_Rtifsys_Intime_4CE8 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtif.sys" author = "Florian Roth" id = "b9e35ec1-d960-5b7a-9461-93b206ded648" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8483-L8502" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8592-L8611" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4ce8583768720be90fae66eed3b6b4a8c7c64e033be53d4cd98246d6e06086d0" logic_hash = "65d2d5a1727f55c5a09c2dac5472095b92316eaaabf6356224b175ffe6b7c5a3" score = 40 
@@ -223303,11 +223742,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AMDRyzenMasterDriver.sys" author = "Florian Roth" id = "f80640c2-ec8d-5350-ba26-4dc6974816f2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8505-L8524" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8614-L8633" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "af1011c76a22af7be97a0b3e0ce11aca0509820c59fa7c8eeaaa1b2c0225f75a" logic_hash = "9fc3405f0415b37f348f5a7ea83344a60a9a987acfa844663811e834927f234a" score = 40 
@@ -223333,11 +223772,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_ADA4 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "55ef1733-e9e8-5c60-8461-233e4fa4f0ae" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8527-L8546" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8636-L8655" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ada4e42bf5ef58ef1aad94435441003b1cc1fcaa5d38bfdbe1a3d736dc451d47" logic_hash = "d102d9add684a93cec7f05196b3e3ca39ff470df7df1b5fd58001b460c0a2dfc" score = 40 
@@ -223363,11 +223802,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_9B2F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys" author = "Florian Roth" id = "d2e1c8d4-b8a7-5a0d-817a-f68ddda1c652" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8549-L8568" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8658-L8677" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9b2f051ac901ab47d0012a1002cb8b2db28c14e9480c0dd55e1ac11c81ba9285" logic_hash = "156c30e23f3a22442c635c449290dfcfc5f02fb3b3a0a65f0966306bd1d71f7c" score = 40 
@@ -223393,11 +223832,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Dell_Dellinstrumentation_BC26 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - dellinstrumentation.sys" author = "Florian Roth" id = "1b840e79-f68c-5074-872e-5825e05abf32" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8571-L8587" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8680-L8696" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "bc2606740e4648c3732541db929f2e02ea8567520d35de57c671e93c71e632f3" logic_hash = "2df5d5a8beb0b7b8fa6f65a8ac37a8d564aad1085ffb83386e2ae570049afda6" score = 40 
@@ -223420,11 +223859,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_F629 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nscm.sys" author = "Florian Roth" id = "05b5dc1a-9507-512f-9f1c-42cd36a2666f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8590-L8609" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8699-L8718" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f62911334068c9edd44b9c3e8dee8155a0097aa331dd4566a61afa3549f35f65" hash = "0cf91e8f64a7c98dbeab21597bd76723aee892ed8fa4ee44b09f9e75089308e2" logic_hash = "b4ad3eedff5e41aa07d42c46dd5ef97ef281c049ed676e6b93474f21e20da428" 
@@ -223450,11 +223889,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cyreninc_Amp_Cyrenamp_CBB8 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - amp.sys" author = "Florian Roth" id = "a2b01649-d98b-5d99-9fb3-e9a648db62ad" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8612-L8631" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8721-L8740" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "cbb8239a765bf5b2c1b6a5c8832d2cab8fef5deacadfb65d8ed43ef56d291ab6" logic_hash = "79514ed74f7ca8fae3b4a36ae240d325fb70555cb8371e03a498b6fb9992b961" score = 40 
@@ -223480,11 +223919,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Netfiltersdkcom_Lgdcatchersys_Netfiltersdk_0C42 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - LgDCatcher.sys" author = "Florian Roth" id = "3659a46f-25cf-5f9f-9ac5-578e2ffa6e45" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8634-L8653" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8743-L8762" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0c42fe45ffa9a9c36c87a7f01510a077da6340ffd86bf8509f02c6939da133c5" logic_hash = "ca3a99d2b899c907450d0a975db142d391135f70d8f6e42f937e03e2b0c7a9ce" score = 40 
@@ -223510,11 +223949,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Supermicrocomputerinc_Superbmc_Superbmc_F843 : F description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - superbmc.sys" author = "Florian Roth" id = "bf870b5d-ab2d-587d-a7ce-da7a02960d2c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8656-L8675" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8765-L8784" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f8430bdc6fd01f42217d66d87a3ef6f66cb2700ebb39c4f25c8b851858cc4b35" logic_hash = "a628c561060c20f97c03b11be8c6d475b390d10ee7bf8dff9cc05600d68b8fc8" score = 40 
@@ -223540,11 +223979,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "45f59f43-b8eb-5c58-a386-a7bb19a88253" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8678-L8697" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8787-L8806" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1023dcd4c80db19e9f82f95b1c5e1ddb60db7ac034848dd5cc1c78104a6350f4" logic_hash = "5dd553f7a90a5680d1a250a951e0166a526690dbef5fe431fa37347b3a5f2078" score = 40 
@@ -223570,11 +224009,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_F877 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iQVW64.SYS" author = "Florian Roth" id = "b2a52cf7-6f64-5409-8764-e26f7b9e45c8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8700-L8720" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8809-L8829" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f877296e8506e6a1acbdacdc5085b18c6842320a2775a329d286bac796f08d54" hash = "de3597ae7196ca8c0750dce296a8a4f58893774f764455a125464766fcc9b3b5" logic_hash = "65966a05952fcf57b8d722154fe6dcafba49fffa0494086e1ff2bf76229d0c78" 
@@ -223601,11 +224040,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "9c9c668c-f83c-5166-a4ae-717709df5e70" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8723-L8742" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8832-L8851" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ae3a6a0726f667658fc3e3180980609dcb31bdbf833d7cb76ba5d405058d5156" logic_hash = "7ff6b127fcdbe2a1612d46fccdf23d0fbaa2f6a91a54b718658ebd2d3fea8bce" score = 40 
@@ -223631,11 +224070,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Almicosoftware_Sfdrvxsys_Speedfan_X_AD23 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sfdrvx32.sys" author = "Florian Roth" id = "df1de7d1-dd2a-5c6c-980d-a080b343f4f7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8745-L8764" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8854-L8873" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ad23d77a38655acb71216824e363df8ac41a48a1a0080f35a0d23aa14b54460b" logic_hash = "8cdd734afe9bdf25157395096e64bfa743e4f17e1bde796269d6b5c875147561" score = 40 
@@ -223661,11 +224100,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrddkprovider_Rtportsys_Windowsrddkdriver_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtport.sys" author = "Florian Roth" id = "8ed20998-ff6a-56d1-aa40-b6b35f308cbd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8767-L8786" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8876-L8895" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6f806a9de79ac2886613c20758546f7e9597db5a20744f7dd82d310b7d6457d0" logic_hash = "707ec81c9fb679a439f23e97e92c6d08b541cd433bfa4fa4296a664cabb403d0" score = 40 
@@ -223691,11 +224130,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiowxsys_Realtekiodriver_B205 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkiow8x64.sys " author = "Florian Roth" id = "0246761e-08b5-557b-950c-598083488d4f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8789-L8808" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8898-L8917" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b205835b818d8a50903cf76936fcf8160060762725bd74a523320cfbd091c038" logic_hash = "8313ea1ab68c635fd99927884741a087ea5d93e3e2d3d3c9171609f17545d3cc" score = 40 
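Review bot: the unchanged `description` line for this rule ends in a trailing space inside the string ("rtkiow8x64.sys "), which is a style defect carried over from the upstream generator; since the metadata block is being touched here, it would be cheap to trim it to `"... - rtkiow8x64.sys"` in the same hunk.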
@@ -223721,11 +224160,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Filseclabcorporation_Filnk_Filseclabdynamicdefen description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - filnk.sys" author = "Florian Roth" id = "cedb7acf-a1a9-566c-becd-f3e9952a9a3d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8811-L8830" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8920-L8939" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ae55a0e93e5ef3948adecf20fa55b0f555dcf40589917a5bfbaa732075f0cc12" logic_hash = "36e491c2841bb77cfc3c07545a30af7edef940e4f36fffd33f6a35f5d8980c86" score = 40 
@@ -223751,11 +224190,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_CBF7 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sandra.sys" author = "Florian Roth" id = "b6cf6e40-1414-57a4-839a-7bd45e33b6c8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8833-L8852" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8942-L8961" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "cbf74bed1a4d3d5819b7c50e9d91e5760db1562d8032122edac6f0970f427183" logic_hash = "4093b8e8e67632b5ee28b0e8843398e3e32c33b6fbb18c68730f4495d4c025ad" score = 40 
@@ -223781,11 +224220,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "54901649-06c2-5bcb-a725-8a4d206dc00c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8855-L8874" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8964-L8983" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a47555d04b375f844073fdcc71e5ccaa1bbb201e24dcdebe2399e055e15c849f" logic_hash = "212de91b3abdc9948aad64531983df3c75e36ff73e56a6b5e8a488571fc39465" score = 40 
@@ -223811,11 +224250,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtier_66F8 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - libnicm.sys" author = "Florian Roth" id = "4ced2cc9-9068-5e5f-a9c6-f091b4550028" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8877-L8896" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L8986-L9005" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "66f8bd2b29763acfbb7423f4c3c9c3af9f3ca4113bd580ab32f6e3ee4a4fc64e" hash = "7f84f009704bc36f0e97c7be3de90648a5e7c21b4f870e4f210514d4418079a0" logic_hash = "bb8f360956167a6616fa3449f4dcbc78f938a69c979298d921757c6f1e779601" 
@@ -223841,11 +224280,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - DcProtect.sys" author = "Florian Roth" id = "91f857f9-14eb-5b6d-8aed-41c2dae736e1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8899-L8918" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9008-L9027" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "55b5bcbf8fb4e1ce99d201d3903d785888c928aa26e947ce2cdb99eefd0dae03" logic_hash = "3379ec91998a5850e3181784a43fa669817d2f3930bc790bf7b46857a2393d93" score = 40 
@@ -223871,11 +224310,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Atsziosys_Atsziodriver_1A4F : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ATSZIO.sys" author = "Florian Roth" id = "a7b74018-53bc-5f36-b1cd-50d87c5928e0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8921-L8944" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9030-L9053" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1a4f7d7926efc3e3488758ce318246ea78a061bde759ec6c906ff005dd8213e5" hash = "0da746e49fd662be910d0e366934a7e02898714eaaa577e261ab40eb44222b5c" hash = "e32ab30d01dcff6418544d93f99ae812d2ce6396e809686620547bea05074f6f" 
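Review bot: this rule carries three `hash` lines, and the new `source_url` range `#L9030-L9053` spans 24 lines where the single-hash rules above span 20, so the range is consistent with the longer metadata block; still, because line anchors break silently when the upstream file is edited, it would be good to confirm that the repinned ranges for all hunks were regenerated from commit `cd02284889343e13b85c860dac34c146409219b1` rather than shifted by a constant offset.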
@@ -223905,11 +224344,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Filseclabcorporation_Filwfp_Filseclabfirewall_49 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - filwfp.sys" author = "Florian Roth" id = "ca80dd10-59cc-576d-a077-01dff115016f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8947-L8966" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9056-L9075" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "490cfbb540dcd70b7bff4fdd62e7ed7400bbfebaf5083523d49f7184670f7b9a" logic_hash = "722b36f80e7c899c75667c989390161a30d1336be397c771174e8753865a6f8c" score = 40 
@@ -223935,11 +224374,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asrockincorporation_Asrautochkupddrvsys_Asrautoc description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AsrAutoChkUpdDrv_1_0_32.sys" author = "Florian Roth" id = "64fed65f-7b98-54a9-b84d-00401c4e4094" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8969-L8988" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9078-L9097" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4ae42c1f11a98dee07a0d7199f611699511f1fb95120fabc4c3c349c485467fe" logic_hash = "a07a0630526bf3b9d427a83b00269428059e640787a834ff129cdb23b4c4c245" score = 40 
@@ -223965,11 +224404,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_9E34 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rzpnk.sys" author = "Florian Roth" id = "17aba336-885e-556a-a05e-9cba2ddbf656" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L8991-L9010" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9100-L9119" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9e3430d5e0e93bc4a5dccc985053912065e65722bfc2eaf431bc1da91410434c" logic_hash = "d07bb8afe8e9e55d9bbf5c96ab8be6bf1f3b65a08873f8956436b87ad3b826d8" score = 40 
@@ -223995,11 +224434,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Wisecleanercom_Wiseunlosys_Wiseunlo_9D53 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WiseUnlo.sys" author = "Florian Roth" id = "4b731a73-af46-5607-96c3-6aeeb7df9976" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9013-L9033" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9122-L9142" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9d530642aeb6524691d06b9e02a84e3487c9cdd86c264b105035d925c984823a" hash = "5e27fe26110d2b9f6c2bad407d3d0611356576b531564f75ff96f9f72d5fcae4" logic_hash = "bdf3933b96f571ca3f07d9c3775847d5053f3f147b75068e7dad4a152480935e" 
@@ -224026,11 +224465,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_BCFC : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "aabd529a-516f-5e7f-85e2-b7fa207b89cd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9036-L9055" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9145-L9164" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "bcfc2c9883e6c1b8429be44cc4db988a9eecb544988fbd756d18cfca6201876f" logic_hash = "10b04a7ca71652632fb836bfb76f6be8b4c1d9e7e6566f623b52a850b3dbebde" score = 40 
@@ -224056,11 +224495,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrddkprovider_Gdrvsys_Windowsrddkdriver_F4 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - gdrv.sys" author = "Florian Roth" id = "e7e01116-2971-59fd-bada-ac22cdc17670" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9058-L9078" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9167-L9187" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f4ff679066269392f6b7c3ba6257fc60dd609e4f9c491b00e1a16e4c405b0b9b" hash = "cfc5c585dd4e592dd1a08887ded28b92d9a5820587b6f4f8fa4f56d60289259b" logic_hash = "e7ca103b49c11733154f9f4bf164be90f25d3534ea103312047d7f1a9c240131" 
@@ -224087,11 +224526,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_DBC6 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "9a004873-765d-5db7-87e1-8796286635e3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9081-L9100" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9190-L9209" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "dbc604b4e01362a3e51357af4a87686834fe913852a4e0a8c0d4c1a0f7d076ed" logic_hash = "becd57b696fe37ea0ae1bd83aa1c00258d1a58fd83c80d9772bea625ad0d6afc" score = 40 
@@ -224117,11 +224556,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Corsairmemoryinc_Corsairllaccess_Corsairllaccess description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - CorsairLLAccess64.sys" author = "Florian Roth" id = "ec067130-dde8-58a8-884f-eeda3c7adf57" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9103-L9122" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9212-L9231" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f15ae970e222ce06dbf3752b223270d0e726fb78ebec3598b4f8225b5a0880b1" logic_hash = "ae01cd2b9b1c504298c0295fd4f3e54199df371787676f19ba0a3ad9340f0c56" score = 40 
@@ -224147,11 +224586,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_4E37 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "c827a2fc-e533-5113-a7e5-8ae4f5718d63" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9125-L9144" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9234-L9253" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4e37592a2a415f520438330c32cfbdbd6af594deef5290b2fa4b9722b898ff69" logic_hash = "cd104e4130ef7fcc525a31aacc1180933cd6fe99a7b0c10a54622c512d699364" score = 40 
@@ -224177,11 +224616,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_ECD0 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "f683f7c5-15cb-5e1b-9d6e-4261c85a581a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9147-L9166" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9256-L9275" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ecd07df7ad6fee9269a9e9429eb199bf3e24cf672aa1d013b7e8d90d75324566" logic_hash = "48342828a25e7fdd6dad197bb079d58fc1937b9630f021067a7f197e53c912d9" score = 40 
@@ -224207,11 +224646,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_6701 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "89f292a0-04cd-5c07-9c43-9fef78748ef4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9169-L9188" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9278-L9297" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6701433861742c08eb50f1e785962378143ad5b6c374ac29118168599f8a0f1c" logic_hash = "c6d8f88f83fffed54cd4adf0542a40531765b0cea0e963ed7ad5d646a7901f19" score = 40 
@@ -224237,11 +224676,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Radiantsystemsinc_Radhwmgrsys_Radiantsystemsinch description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - RadHwMgr.sys" author = "Florian Roth" id = "1903bced-7391-5d95-a71b-a2657286b5cd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9191-L9210" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9300-L9319" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "00c3e86952eebb113d91d118629077b3370ebc41eeacb419762d2de30a43c09c" logic_hash = "d5975b9f192b982cb0febc0314e9597f387830e6c1cc4bf0202918ce75c8ca33" score = 40 
@@ -224267,11 +224706,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Cn_Computerzsys_DEE3 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ComputerZ.Sys" author = "Florian Roth" id = "189bf93d-db65-50d7-8637-62877742ccae" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9213-L9233" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9322-L9342" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "dee384604d2d0018473941acbefe553711ded7344a4932daeffb876fe2fa0233" hash = "26ecd3cea139218120a9f168c8c0c3b856e0dd8fb2205c2a4bcb398f5f35d8dd" logic_hash = "106ecc5e36dbf66a7660d00bfcce40934528899d60bd2bb7711c56f515119fcc" 
@@ -224298,11 +224737,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_36E3 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "6ea52f09-df49-5bc4-a3bc-34a80e78b739" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9236-L9255" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9345-L9364" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "36e3127f045ef1fa7426a3ff8c441092d3b66923d2b69826034e48306609e289" logic_hash = "c8c776a3ef3f452b261c7348f0634f9bac7e00f5028eeb56af41461d240a5216" score = 40 
@@ -224328,11 +224767,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_FDA9 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "d405ca94-8b2c-57cd-b6da-8dbfd5f8d858" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9258-L9277" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9367-L9386" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "fda93c6e41212e86af07f57ca95db841161f00b08dae6304a51b467056e56280" logic_hash = "2548a054742e55e13e146fa3389c4fb17bdf4e7785bc824e5dd8be7d0cddd75a" score = 40 
@@ -224358,11 +224797,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_6E9E : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "8ec4875c-4f84-5706-81c8-9dd94dccb962" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9280-L9299" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9389-L9408" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6e9e9e0b9a23deec5f28dc45f0bbe7423565f037f74be2957e82e5f72c886094" logic_hash = "1a5841556e8589b9fda2167a5ad9c6ac0ec7bb9e9358220ebc18e9675fe6254b" score = 40 
@@ -224388,11 +224827,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_1228 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "a46d53f7-ddac-5597-be0d-0e05232bbaec" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9302-L9321" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9411-L9430" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1228d0b6b4f907384346f64e918cc28021fe1cd7d4e39687bca34a708998261a" logic_hash = "6d10896a203562741de37cb97e858a1d70451ad5fc1341ad80d6aa4765b8de9a" score = 40 
@@ -224418,11 +224857,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Htcvive_Viverraudiosys_Vivevirtualaudiodriver_9D description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ViveRRAudio.sys" author = "Florian Roth" id = "800db2d7-2446-5ded-8e6a-6e5bd74e1931" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9324-L9343" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9433-L9452" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9d5e8700a434838eb63a0573178b4291f07a9d96dabfb4ead40253a3cd9edefd" logic_hash = "07493d054825bf086aaafa49eb7c06e3f5e7ad742732cfca9b84e736bb236e2b" score = 40 
@@ -224448,11 +224887,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Biostargroup_Iodriver_Biostariodriver_D205 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - BS_RCIO64.sys" author = "Florian Roth" id = "ea90277d-696d-5674-b679-9a340359e853" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9346-L9365" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9455-L9474" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d205286bffdf09bc033c09e95c519c1c267b40c2ee8bab703c6a2d86741ccd3e" logic_hash = "8c88f91ab8ff231e4ab6e532b8d71ba810fa62e684dec7fff6b74c4f85a96f65" score = 40 
@@ -224478,11 +224917,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Amifldrvsys_Windowsrwindd description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - amifldrv64.sys, amifldrv.sys" author = "Florian Roth" id = "9c05031d-2062-53fb-982c-f874bf902b48" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9368-L9388" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9477-L9497" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "38d87b51f4b69ba2dae1477684a1415f1a3b578eee5e1126673b1beaefee9a20" hash = "ffc72f0bde21ba20aa97bee99d9e96870e5aa40cce9884e44c612757f939494f" logic_hash = "fb233e5c3cd88ab1450d3371b2f916af9dc8f0b5ffd145e47ad2f0678495b630" 
@@ -224509,11 +224948,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Inferre_Hwdetectngsys_Hwdetectngsys_D456 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - hwdetectng.sys" author = "Florian Roth" id = "861a355c-e883-5384-9d77-b572575905d1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9391-L9412" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9500-L9521" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d45600f3015a54fa2c9baa7897edbd821aeea2532e6aadb8065415ed0a23d0c2" hash = "43136de6b77ef85bc661d401723f38624e93c4408d758bc9f27987f2b4511fee" hash = "2f8b68de1e541093f2d4525a0d02f36d361cd69ee8b1db18e6dd064af3856f4f" 
@@ -224541,11 +224980,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Adlicesoftware_Truesight_Truesight_BFC2 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - truesight.sys" author = "Florian Roth" id = "89e4602a-9233-5955-9edb-c09fb2b01376" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9415-L9434" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9524-L9543" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "bfc2ef3b404294fe2fa05a8b71c7f786b58519175b7202a69fe30f45e607ff1c" logic_hash = "31bf547d77d003653090c31588635255d5983e179146bf53b5624dc3fdcf8422" score = 40 
@@ -224571,11 +225010,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "3c2a3d3b-ec7f-509d-a00a-0bb1b73f50cf" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9437-L9456" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9546-L9565" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "87b4c5b7f653b47c9c3bed833f4d65648db22481e9fc54aa4a8c6549fa31712b" logic_hash = "e1bf0fb9255ba7cd386ac0d51ce1d22ffde535a0064683f2178fac388b6944a0" score = 40 
@@ -224601,11 +225040,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Highresolutionenterpriseswwwhighrezcouk_Inpoutxs description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - inpoutx64.sys" author = "Florian Roth" id = "2103d553-3e8a-5f81-b54e-c125aa7746ca" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9459-L9480" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9568-L9589" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f581decc2888ef27ee1ea85ea23bbb5fb2fe6a554266ff5a1476acd1d29d53af" hash = "f8965fdce668692c3785afa3559159f9a18287bc0d53abb21902895a8ecf221b" hash = "2d83ccb1ad9839c9f5b3f10b1f856177df1594c66cbbc7661677d4b462ebf44d" 
@@ -224633,11 +225072,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_12ED : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "d8599978-d388-5b67-99ff-d4bde156b433" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9483-L9502" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9592-L9611" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "12eda8b65ed8c1d80464a0c535ea099dffdb4981c134294cb0fa424efc85ee56" logic_hash = "9c43c1e37bcc87d616e8d7fa1a610b4d3f28b60d2203d0e466939a41b1a8a7d7" score = 40 
@@ -224663,11 +225102,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_FF1C : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "2c04159c-312f-52a5-8a6c-3fc8346dda5e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9505-L9524" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9614-L9633" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ff1ccef7374a1a5054a6f4437e3e0504b14ed76e17090cc6b1a4ec0e2da427a5" logic_hash = "ee97df01a31ceb88274de9890887f6203bee9b173a2034ad4570a9bb92d13dd2" score = 40 
@@ -224693,11 +225132,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_EBE2 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "6d854b08-4675-53c5-9d7f-753c94310df0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9527-L9546" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9636-L9655" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ebe2e9ec6d5d94c2d58fbcc9d78c5f0ee7a2f2c1aed6d1b309f383186d11dfa3" logic_hash = "4f671c0023ef9bbb82a3fdd328709bb9c2a579fbef7f0a348b01fd4188ded3d4" score = 40 
@@ -224723,11 +225162,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtierforwindows_V_CA34 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nscm.sys" author = "Florian Roth" id = "326a5e40-0706-5daf-b1a5-8bcff8b3fcae" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9549-L9567" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9658-L9676" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ca34f945117ec853a713183fa4e8cf85ea0c2c49ca26e73d869fee021f7b491d" logic_hash = "20276f0c10cef963957e6f868643166567862b89124d96371b80dfe217eab4b6" score = 40 
@@ -224752,11 +225191,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Adlinktechnologyinc_Adrmdrvsys_Adlinkresourceman description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ADRMDRVSYS.sys" author = "Florian Roth" id = "8d11b32d-0305-5033-a05b-4abaae17970b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9570-L9589" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9679-L9698" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a1f79a2e1441970bb3e7c838f8c14a8f3d39a46b0ff9648614e922ac475c743d" logic_hash = "ffbcfcd307c79f1e0c087a1b9c4c94f3b34290fbb714ebab8ee13557d116d1c8" score = 40 
@@ -224782,11 +225221,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Adlink_Pxitrigsys_Pxitriggerioforwindowsx_56EC : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - pxitrig64.sys" author = "Florian Roth" id = "1f12d162-81ae-5840-a8d8-efa0e31bb2e5" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9592-L9611" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9701-L9720" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "56ece6b6b1d2da18458c9d8edc586bd2b9f7c4b092a9745fbed659238b2b3157" logic_hash = "b9ed8720fef8e96d9cf8b08e63c5951aa410254eb1d995f039387d6a77269e84" score = 40 
@@ -224812,11 +225251,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Razerinc_Rzpnk_Rzpnk_46D1 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rzpnk.sys" author = "Florian Roth" id = "af2cb913-c98c-5d29-9822-095df2e8c270" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9614-L9636" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9723-L9745" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "46d1dc89cc5fa327e7adf3e3d6d498657240772b85548c17d2e356aac193dd28" hash = "dafa4459d88a8ab738b003b70953e0780f6b8f09344ce3cd631af70c78310b53" hash = "4c2d2122ef7a100e1651f2ec50528c0d1a2b8a71c075461f0dc58a1aca36bc61" 
@@ -224845,11 +225284,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Corsairmemoryinc_Corsairllaccess_Corsairllaccess description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - CorsairLLAccess64.sys" author = "Florian Roth" id = "50cf8320-c182-5f59-b2a7-750c618312bf" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9639-L9659" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9748-L9768" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a334bdf0c0ab07803380eb6ef83eefe7c147d6962595dd9c943a6a76f2200b0d" hash = "000547560fea0dd4b477eb28bf781ea67bf83c748945ce8923f90fdd14eb7a4b" logic_hash = "881222a52349787251b723640a42b468e4d3f8ee614329de61d7816b00beb9ff" 
@@ -224876,11 +225315,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_1C12 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "14390895-6fae-5e00-9d0d-76347782873c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9662-L9681" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9771-L9790" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1c1251784e6f61525d0082882a969cb8a0c5d5359be22f5a73e3b0cd38b51687" logic_hash = "d8f6326a34caddc2c91ac47e57ed022086bea7122203f166cd5e3176c369a3e4" score = 40 
@@ -224906,11 +225345,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroaegis_4BC0 : F description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "da911735-e7b3-5721-8254-958f25b0efa1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9684-L9703" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9793-L9812" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4bc0921ffd4acc865525d3faf98961e8decc5aec4974552cbbf2ae8d5a569de4" logic_hash = "1f138a336f979f9a4a75796cdd6cab5716a17f1ded02350db64a6ec618c7a1dd" score = 40 
@@ -224936,11 +225375,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Iobitinformationtechnology_Iobitunlockersys_Unlo description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iobitunlocker.sys" author = "Florian Roth" id = "a9cbfdc3-6c84-5c6f-98a9-8cf77cc32d9d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9706-L9725" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9815-L9834" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f85cca4badff17d1aa90752153ccec77a68ad282b69e3985fdc4743eaea85004" logic_hash = "1a7df58e346f6ae2224163302bbc14815c6d612c1414b59663d3d9f730925499" score = 40 
@@ -224966,11 +225405,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtierforwindows_V_C190 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - libnicm.sys" author = "Florian Roth" id = "9a9903d6-bdab-5694-9e26-66a797e299d5" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9728-L9746" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9837-L9855" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c190e4a7f1781ec9fa8c17506b4745a1369dcdf174ce07f85de1a66cf4b5ed8a" logic_hash = "44017c1fab02aec40335b310646d9760ce4db2da785d08a430442a5afe9d4887" score = 40 
@@ -224995,11 +225434,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Chengduwesthouseinteractiveentertainmentltd_Seas description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - SeasunProtect.sys" author = "Florian Roth" id = "bbef97ef-c7c4-5b33-a2f4-f0643d2b6ca1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9749-L9768" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9858-L9877" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "507b07b0dc0e638b65b4a4d11a462b35439c746d42337b9888927bf994176102" logic_hash = "545a3bf25d5b387cccf9f20e06a83f34d266add00c9d18652f6898738e01f157" score = 40 
@@ -225025,11 +225464,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "8fc2f891-9898-551b-8a21-5222af319764" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9771-L9790" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9880-L9899" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9b6a84f7c40ea51c38cc4d2e93efb3375e9d98d4894a85941190d94fbe73a4e4" logic_hash = "beca5e85d2b29d6a37e9d783facf37bb375095ae5d47a8a2eff663afbc22ffc3" score = 40 
@@ -225055,11 +225494,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "6c041a1a-b6f2-50f1-a079-1a4abc0c1f37" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9793-L9812" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9902-L9921" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7d43769b353d63093228a59eb19bba87ce6b552d7e1a99bf34a54eee641aa0ea" logic_hash = "5c3addc4d27338e1ed76b65327198acef97969b13e6ac8284153fcc1fd992b4d" score = 40 
@@ -225085,11 +225524,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_7337 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ngiodriver.sys" author = "Florian Roth" id = "69622a5d-bccf-51cc-8e8b-f1792c89275a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9815-L9835" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9924-L9944" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "733789d0a253e8d80cc3240e365b8d4274e510e36007f6e4b5fd13b07b084c3e" hash = "d1463b7fec911c10a8c96d84eb7c0f9e95fa488d826647a591a38c0593f812a4" logic_hash = "9f3772548952491a3c20cdecdba491017a7bb7c113360feae778426539e5d9b8" 
@@ -225116,11 +225555,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_ADC1 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "77819373-6f49-56bc-8636-d25cd75491b7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9838-L9857" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9947-L9966" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "adc10de960f40fa9f6e28449748250fa9ddfd331115b77a79809a50c606753ee" logic_hash = "896055705d276e007082616e944be968d90087798e3c4cfcc35c3ecaf3a781b0" score = 40 
@@ -225146,11 +225585,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Sbiosiosys_Samsungrbiosio description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - SBIOSIO64.sys" author = "Florian Roth" id = "e8515bb1-cf81-510a-9d48-7fd353c6c37a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9860-L9880" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9969-L9989" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1e24c45ce2672ee403db34077c88e8b7d7797d113c6fd161906dce3784da627d" hash = "39336e2ce105901ab65021d6fdc3932d3d6aab665fe4bd55aa1aa66eb0de32f0" logic_hash = "d9be90591690481e778ebb8a18c633d7ceccdaafa3989352d94bd1995e3470f4" 
@@ -225177,11 +225616,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "1ac2562c-9d06-5372-bc45-e9491a7bfeea" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9883-L9902" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L9992-L10011" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "94911fe6f2aba9683b10353094caf71ee4a882de63b4620797629d79f18feec5" logic_hash = "45bd63fd965c9c40b0d687af623f58922c708608a25e58b2c1ad436312e6284d" score = 40 
@@ -225207,11 +225646,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Fujitsulimited_Advdrvsys_Microsoftrwindowsropera description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ADV64DRV.sys" author = "Florian Roth" id = "fa878fd1-9d19-561e-bd01-b4693a48f480" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9905-L9923" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10014-L10032" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "04a85e359525d662338cae86c1e59b1d7aa9bd12b920e8067503723dc1e03162" logic_hash = "7b98ca983166c65065b6fe146957ac438426c0ad2566016e0a61ca3be68f163e" score = 40 
@@ -225236,11 +225675,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Microworldtechnologiesinc_Procobsrvesx_Escanecon description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ProcObsrvesx.sys" author = "Florian Roth" id = "0a9fd431-04d7-5d47-86f2-c4d5086e9f98" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9926-L9945" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10035-L10054" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "37206b758eac2c7775ef881c1dc9a96129a517069bdf47049afc3b29e328408e" logic_hash = "b15135b9ae60c53de1e9ab6549812636131a71f98e45bbcabe125eaeea8c9be5" score = 40 
@@ -225266,11 +225705,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Amdryzenmasterdriversys_Amd description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AMDRyzenMasterDriver.sys" author = "Florian Roth" id = "aa757ead-9ab0-5c5f-ba50-f310130e3d08" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9948-L9967" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10057-L10076" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ff9623317287358440ec67da9ba79994d9b17b99ffdd709ec836478fe1fc22a5" logic_hash = "d47eec2132d31ce4f4009456805e7b75e43054edf13c3f056416638cf3928e41" score = 40 
@@ -225296,11 +225735,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxtapsys_Virtualboxhostinte description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxTAP.sys" author = "Florian Roth" id = "657161e9-b714-5bd9-bbb7-5ad7df6a83c5" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9970-L9989" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10079-L10098" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "cfa28e2f624f927d4cbd2952306570d86901d2f24e3d07cc6277e98289d09783" logic_hash = "1fefb271c505de9c1d08d558a53f8150cb8724b1b97ac2014f30d2c593f05f6b" score = 40 
@@ -225326,11 +225765,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Generalelectriccompany_Gedevicedriver_Proficymac description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - GEDevDrv.SYS" author = "Florian Roth" id = "c9951c04-1a18-53df-abaa-bfcd7c0a1aec" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L9992-L10012" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10101-L10121" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a369942ce8d4b70ebf664981e12c736ec980dbe5a74585dd826553c4723b1bce" hash = "ae73dd357e5950face9c956570088f334d18464cd49f00c56420e3d6ff47e8dc" logic_hash = "e9af30ff414f7c42b656519453924a90be7cf567c5d5ac6c29713d6799a369c1" 
@@ -225357,11 +225796,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_85FD : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ngiodriver.sys" author = "Florian Roth" id = "50552007-935f-5476-a596-6052030c08c4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10015-L10034" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10124-L10143" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "85fdd255c5d7add25fd7cd502221387a5e11f02144753890218dd31a8333a1a3" logic_hash = "dd2e7c64c1f0139e2c365e8f726e026c66857334dbfd29eda3ebffa483677b5f" score = 40 
@@ -225387,11 +225826,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_7CF7 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "7114725c-9cca-53c3-8902-79d83386fef4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10037-L10056" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10146-L10165" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7cf756afcaf2ce4f8fb479fdede152a17eabf4c5c7c329699dab026a4c1d4fd0" logic_hash = "f6570bb8a690a21b67637f265f36dbe8a3adb63e30c025216c25df73099ad173" score = 40 
@@ -225417,11 +225856,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_7795 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "84866b07-19cc-5c75-acc3-7640adcf68e8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10059-L10078" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10168-L10187" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "77950e2a40ac0447ae7ee1ee3ef1242ce22796a157074e6f04e345b1956e143c" logic_hash = "f59507fdf64c5eca6139f149595b9919704fead73d4e66c93630ca6cf9582a82" score = 40 
@@ -225447,11 +225886,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_B019 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - SANDRA.sys" author = "Florian Roth" id = "4edbf604-a98c-5877-8385-eff85575daa4" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10081-L10100" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10190-L10209" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b019ebd77ac19cdd72bba3318032752649bd56a7576723a8ae1cccd70ee1e61a" logic_hash = "1ef6c4c199fad08babe5f4484444c157dfcfea891f392682689cf2df34088179" score = 40 
@@ -225477,11 +225916,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevicesinc_Amdpowerprofilersys_Amdu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AMDPowerProfiler.sys" author = "Florian Roth" id = "6475e885-711f-53ea-9ab6-cdb45b3a0917" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10103-L10122" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10212-L10231" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0af5ccb3d33a9ba92071c9637be6254030d61998733a5eb3583e865e17844e05" logic_hash = "ac1fd75b411624e0f4cd6d455a61e1ac3c08d421182c4f9eb90698ee29eff77a" score = 40 
@@ -225507,11 +225946,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiosys_Realtekiodriver_074A : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "2cb53106-382d-5645-a72c-28a64112bb47" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10125-L10144" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10234-L10253" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "074ae477c8c7ae76c6f2b0bf77ac17935a8e8ee51b52155d2821d93ab30f3761" logic_hash = "b76e7a17aa7da3d6a1972a40fbcaa4ca63edb4220b07d807ee54fea649b13a6d" score = 40 
@@ -225537,11 +225976,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_98B7 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "f827cf5e-23c7-5db8-9949-14382788bbdd" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10147-L10166" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10256-L10275" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "98b734dda78c16ebcaa4afeb31007926542b63b2f163b2f733fa0d00dbb344d8" logic_hash = "db97be0a54fc813022a609ffdabe0e0cff306ef894c560f75a43a4aa890590d5" score = 40 
@@ -225567,11 +226006,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Novellinc_Novellxtierforwindows_V_7A2C : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nicm.sys" author = "Florian Roth" id = "eae98a64-3478-55fc-b839-7a1ec0f1521d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10169-L10187" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10278-L10296" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7a2cd1dc110d014165c001ce65578da0c0c8d7d41cc1fa44f974e8a82296fc25" logic_hash = "01badc48c33814577b1a6000b4ff46473b48f85d8f8e8d6071d26b81d3cde22d" score = 40 
@@ -225596,11 +226035,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_9A95 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "de7c3f85-1101-58c2-882b-e7e59d95fdd8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10190-L10206" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10299-L10315" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9a95a70f68144980f2d684e96c79bdc93ebca1587f46afae6962478631e85d0c" logic_hash = "3b699e2afa7e4c4284d725cc159b46a609e4020703bc0efc7ba6563084d67f0e" score = 40 
@@ -225623,11 +226062,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Microsoftcorporation_Afdsys_Microsoftwindowsoper description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Afd.sys" author = "Florian Roth" id = "c018c2ba-ecf9-5523-a73a-bc827bcd994b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10209-L10228" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10318-L10337" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "95fd266cc454177901cb58f4d30417c4a7caf29be62bb8649e5b8fca58823600" logic_hash = "b97cb7665f6d080a5abaeedbf74d9d77de1aafc3581c2aa0386b5f1b8467ba34" score = 40 
@@ -225653,11 +226092,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_19BF : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iQVW64.SYS" author = "Florian Roth" id = "4e733353-21f8-5a32-b735-fccd3ffba831" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10231-L10250" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10340-L10359" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "19bf0d0f55d2ad33ef2d105520bde8fb4286f00e9d7a721e3c9587b9408a0775" logic_hash = "b05c520a5816f2dc7a35319f7f5d11001c5d64cdee479e213ac95950acf26bfc" score = 40 
@@ -225683,11 +226122,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Itmsystem_023D : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - probmon.sys" author = "Florian Roth" id = "a6a1350d-3d8e-5527-8458-e880647b8e14" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10253-L10270" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10362-L10379" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "023d722cbbdd04e3db77de7e6e3cfeabcef21ba5b2f04c3f3a33691801dd45eb" logic_hash = "b15ead98d0b7f35242095d47af96a8466fb16da42e63680fed59d126591f63d9" score = 40 
@@ -225711,11 +226150,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_2BBC : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "171ebc5a-3e8a-5771-8960-b623f6581759" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10273-L10289" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10382-L10398" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2bbc6b9dd5e6d0327250b32305be20c89b19b56d33a096522ee33f22d8c82ff1" logic_hash = "d311a2d88741100de1ca65107b08418f0d5a3fc44e4e388faf3434f9fec77dcc" score = 40 
@@ -225738,11 +226177,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Logitechinc_Lvavsys_Logitechwebcamsoftware_E86C description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - Lv561av.sys" author = "Florian Roth" id = "3402e3fc-82be-577d-a297-fcae7539bcfc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10292-L10311" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10401-L10420" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e86cb77de7b6a8025f9a546f6c45d135f471e664963cf70b381bee2dfd0fdef4" logic_hash = "ffab2936594602db403cd2aa85e7dffdcb10ec199fe857b947ae3214492106d4" score = 40 
@@ -225768,11 +226207,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Getactechnologycorporation_Mtcbsvsys_Getacsystem description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - GtcKmdfBs.sys" author = "Florian Roth" id = "8634c295-d4b3-5f35-8ed3-4b11936593f9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10314-L10333" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10423-L10442" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e6d1ee0455068b74cf537388c874acb335382876aa9d74586efb05d6cc362ae5" logic_hash = "bdd3eb671365ee774f50c3bbffc33aaffb3651f92101a133d1ddcc8b4a495e8f" score = 40 
@@ -225798,11 +226237,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Hpinc_Hpportioxsys_Hpportio_C505 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HpPortIox64.sys" author = "Florian Roth" id = "2fb75598-3743-50c5-b9cf-d0e928f0c57c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10336-L10355" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10445-L10464" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c5050a2017490fff7aa53c73755982b339ddb0fd7cef2cde32c81bc9834331c5" logic_hash = "6174ef1374e0dfd523f7dcdbbdaab1002a95040c1a33f26bf5145d5dcbf87b08" score = 40 
@@ -225828,11 +226267,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiowxsys_Realtekiodriver_AB8F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "fd0941e8-747f-5337-aaf2-f819e32b8884" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10358-L10377" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10467-L10486" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ab8f2217e59319b88080e052782e559a706fa4fb7b8b708f709ff3617124da89" logic_hash = "9be0907f77c5d4803a1ad7ac79cc42c15807a5b2d43e00a2448c6278ad5ea6c4" score = 40 
@@ -225858,11 +226297,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpot_Avginternetsecurit description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "e7cfd1c7-bd56-5fb1-8e6a-bc49b67b7c2c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10380-L10399" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10489-L10508" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2ce81759bfa236913bbbb9b2cbc093140b099486fd002910b18e2c6e31fdc4f1" logic_hash = "0ac2638aaea5a401222d1451281ba8dba8fe4ef43da24e5eecbdd6d57f7b1dbb" score = 40 
@@ -225888,11 +226327,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Innotekgmbh_Vboxtapsys_Virtualboxhostinterfacene description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxTAP.sys" author = "Florian Roth" id = "3e90f336-734c-53bd-bc82-5045a9eb1ed2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10402-L10421" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10511-L10530" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "994f322def98c99aec7ea0036ef5f4b802120458782ae3867d116d55215c56e4" logic_hash = "25e4171bb112adf44101ca24c7d88e8a11a487b3c41d1f9eed29129c5621456b" score = 40 
@@ -225918,11 +226357,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_9254 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "ac7837d9-055e-502d-a497-fe96b0aa701d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10424-L10443" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10533-L10552" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9254f012009d55f555418ff85f7d93b184ab7cb0e37aecdfdab62cfe94dea96b" logic_hash = "cfe16d39c54ccb7ceca1e0fc1033a4d67a0bc9c62c27dcefabe07b68b947e688" score = 40 
@@ -225948,11 +226387,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - DcProtect.sys" author = "Florian Roth" id = "b44afa7f-6a0d-5cbd-ab2c-910d211f5cb0" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10446-L10465" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10555-L10574" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3af9c376d43321e813057ecd0403e71cafc3302139e2409ab41e254386c33ecb" logic_hash = "84d9015bf6ddbfcd60052a6ffcf4bfa6a2c2f8748b3b7f21ad65c1c8377dc3cb" score = 40 
@@ -225978,11 +226417,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_4429 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iqvw64e.sys, iQVW64.SYS, IQVW32.sys, NalDrv.sys" author = "Florian Roth" id = "0ffa7a9b-5174-53df-a332-e8b9e460eb1b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10468-L10488" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10577-L10597" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4429f32db1cc70567919d7d47b844a91cf1329a6cd116f582305f3b7b60cd60b" hash = "a59c40e7470b7003e8adfee37c77606663e78d7e3f2ebb8d60910af19924d8df" logic_hash = "3dd4326755957e11ca961eb87d0ccae5b63dc7ea4e9dc8e9c67e9c6d52bf894b" 
@@ -226009,11 +226448,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realtek_Rtkiowxsys_Realtekiodriver_32E1 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - rtkio.sys, rtkio64.sys, rtkiow8x64.sys, rtkiow10x64.sys" author = "Florian Roth" id = "52d07201-6af3-5675-a5f0-9b6a7bb39b28" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10491-L10510" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10600-L10619" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "32e1a8513eee746d17eb5402fb9d8ff9507fb6e1238e7ff06f7a5c50ff3df993" logic_hash = "fd106f69d83d2b1aeb1fdaf16f5809b0fd0d200dec00292efd9bd62422e518a8" score = 40 
@@ -226039,11 +226478,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Micsystechnologycoltd_Msiosys_Msiodriverversion_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - MsIo64.sys" author = "Florian Roth" id = "6db1af54-b12d-5213-b184-7df7f628882e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10513-L10532" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10622-L10641" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "43ba8d96d5e8e54cab59d82d495eeca730eeb16e4743ed134cdd495c51a4fc89" logic_hash = "910724e7bac9c9c83e703be52e43f4cd88dda344127f2ebc7aee01981467e9e7" score = 40 
@@ -226069,11 +226508,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "30ef7f0d-e6f4-5a98-87c2-286ac64c3886" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10535-L10554" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10644-L10663" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1078af0c70e03ac17c7b8aa5ee03593f5decfef2f536716646a4ded1e98c153c" logic_hash = "e565dcf1bdc8ebaf90c1e42bf3e72ce561cb95f5977809fb9082bb430353dd9b" score = 40 
@@ -226099,11 +226538,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Gigabytetechnologycoltd_Gdrvsys_Gigabytesoftware description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - gdrv.sys" author = "Florian Roth" id = "dba48ad5-9b35-555e-814e-73b74f157b66" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10557-L10576" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10666-L10685" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "26c28746e947389856543837aa59a5b1f4697e5721a04d00aa28151a2659b097" logic_hash = "2a6f460b66c7e94dfead7bdb3dc46a181ba2e33b40fca1812f0b412daf0a46c4" score = 40 
@@ -226129,11 +226568,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Interfacecorporation_Cpxcsys_Gpcxcdiobmpcicpci_0 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - CP2X72C.SYS" author = "Florian Roth" id = "da7c0052-5ff9-5257-a65f-7856f772b4c6" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10579-L10599" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10688-L10708" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "05c15a75d183301382a082f6d76bf3ab4c520bf158abca4433d9881134461686" hash = "4b4ea21da21a1167c00b903c05a4e3af6c514ea3dfe0b5f371f6a06305e1d27f" logic_hash = "485222f31dbe1e486e86c64b607de6742747b3ab2571adfc8c210205032b380b" 
@@ -226160,11 +226599,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_CC68 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "14971376-05dc-59c2-bce7-498eabb52678" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10602-L10621" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10711-L10730" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "cc687fe3741bbde1dd142eac0ef59fd1d4457daee43cdde23bb162ef28d04e64" logic_hash = "26f1740a069d238aadb1922512e23184cb3cf34d9ef1ff1b942755a49fbd48b0" score = 40 
@@ -226190,11 +226629,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_A209 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt.sys" author = "Florian Roth" id = "e38fec7b-bc36-5fa5-a32e-fd82aa05dd19" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10624-L10643" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10733-L10752" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a2096b460e31451659b0dde752264c362f47254c8191930bc921ff16a4311641" logic_hash = "33238c8b189c5aabe45b238a44fde02b6f9436329c8700ff5b64505784438e69" score = 40 
@@ -226220,11 +226659,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrcodenamelonghornddkprovider_Cpudriver_Wi description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - WCPU.sys" author = "Florian Roth" id = "4ca1b53c-7539-5e0e-8309-224a4a859480" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10646-L10665" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10755-L10774" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "159e7c5a12157af92e0d14a0d3ea116f91c09e21a9831486e6dc592c93c10980" logic_hash = "e4bcd8644bcc82c63d9d963aeb9a0a4250d8b3be3fb1122156148f4582fe6d48" score = 40 
@@ -226250,11 +226689,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Proxydrvsys_Nn_0B20 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ProxyDrv.sys" author = "Florian Roth" id = "cf4d7446-a97e-58b5-aea7-c77516abacf5" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10668-L10687" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10777-L10796" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0b205838a8271daea89656b1ec7c5bb7244c42a8b8000d7697e92095da6b9b94" logic_hash = "04460d4fa04b60519b0479baab3e07b389dfe255f43b3dcea3d13ca33dc84ded" score = 40 
@@ -226280,11 +226719,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Msi_Ntiolibsys_Ntiolib_1DDF : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NTIOLib.sys" author = "Florian Roth" id = "54f03573-22a0-51ea-b3cd-201d27459cf1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10690-L10709" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10799-L10818" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1ddfe4756f5db9fb319d6c6da9c41c588a729d9e7817190b027b38e9c076d219" logic_hash = "23a5fb0826068df015769d604ff393d7d649b919efabd237a004c6946a358448" score = 40 
@@ -226310,11 +226749,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_654C : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "c2883a08-8832-514d-a472-e53370fe9a88" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10712-L10731" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10821-L10840" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "654c5ba47f74008c8f49cbb97988017eec8c898adc3bb851bc6e1fdf9dcf54ad" logic_hash = "f494a64914971b82f191becf020023de1139e5f466e5c1db9912d1d1edbdd0f2" score = 40 
@@ -226340,11 +226779,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Marvintestsolutionsinc_Hwsys_Hw_FD38 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HW.sys" author = "Florian Roth" id = "50ae31e8-41e0-5913-b04a-63b97aa9bbc2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10734-L10754" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10843-L10863" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "fd388cf1df06d419b14dedbeb24c6f4dff37bea26018775f09d56b3067f0de2c" hash = "6a4875ae86131a594019dec4abd46ac6ba47e57a88287b814d07d929858fe3e5" logic_hash = "9307a3f6003f6b88d4384aad37803597d7444bcfae806a9f3d59c9a1e59d56e5" 
@@ -226371,11 +226810,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "140374de-63f5-5ea2-9546-9356d697f971" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10757-L10776" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10866-L10885" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "6e0aa67cfdbe27a059cbd066443337f81c5b6d37444d14792d1c765d9d122dcf" logic_hash = "79370b21c6049790a259feebf590222ef8c57bb1564401d68a960ae2c547639a" score = 40 
@@ -226401,11 +226840,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "c7b13c18-84a2-5362-bd10-a80c001c6efc" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10779-L10798" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10888-L10907" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a2f45d95d54f4e110b577e621fefa0483fa0e3dcca14c500c298fb9209e491c1" logic_hash = "7fc1a629395b0558eecf2744dcb121a5b2cdbd51f4291a679f9526f21c4f21c0" score = 40 
@@ -226431,11 +226870,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realteksemiconductorcorporation_Rtspciewindowsx_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - RtsPer.sys" author = "Florian Roth" id = "6a46843f-7e70-555a-9de7-cd04b562cc02" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10801-L10820" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10910-L10929" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "a1fa7d8275ccd14a6adc438ef4b950e7de4ed26fcbe4b3e184243663b03c83d6" logic_hash = "927c9e4a956de81c5943d17cf81d0a1d5adfddb3c4e5ec9e9899bfeed01ee1a0" score = 40 
@@ -226461,11 +226900,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Advancedmicrodevices_Aoddriversys_Amdoverdrivese description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AODDriver.sys" author = "Florian Roth" id = "8ad51684-d220-51ff-ab94-3a4326f514ab" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10823-L10842" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10932-L10951" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "81d54ebef1716e195955046ffded498a5a7e325bf83e7847893aa3b0b3776d05" logic_hash = "fc91d46473eecbc49e074df0c05a1dfee352d3607f9393a6836e37a1c071bdf6" score = 40 
@@ -226491,11 +226930,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realsilsemiconductorcorporation_Rtsusbwindowsx_W description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - RtsUer.sys" author = "Florian Roth" id = "37865300-811d-54f2-af8e-1bb720a181f2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10845-L10864" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10954-L10973" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "39171fcaff172d6b38762acef3d3352f9a375e3db7e54a7b51261a53b3c94266" logic_hash = "1235de8e713f8e5ae4f46ebd3f9a41462b8e43e4aea062978f648273cde2d7d1" score = 40 
@@ -226521,11 +226960,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Realixtm_Hwinfosys_Hwinfokerneldriver_EC9B : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - HWiNFO32.SYS" author = "Florian Roth" id = "a77a77da-6373-5298-86c3-88503aa6a7e5" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10867-L10886" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10976-L10995" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "ec9bd7fb90c3a2aa4605bd73fe1f74399e2cda75fd4c5fff84660ad4f797c4fe" logic_hash = "e16906686623895cf9d6e3c58701f32d44b50b1fe85b95dcf3a8978a62f06a3c" score = 40 
@@ -226551,11 +226990,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_D7C7 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sandra.sys" author = "Florian Roth" id = "37c763dd-7375-518a-afc8-d3ca5623987e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10889-L10908" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L10998-L11017" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d7c79238f862b471740aff4cc3982658d1339795e9ec884a8921efe2e547d7c3" logic_hash = "146b74a7750951a07d2e8b64d25e0c0371fc6295b2ee843cf6a7d67c272555a7" score = 40 
@@ -226581,11 +227020,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorporation_Nvflash_Nvidiaflashdriver_AFDD description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvflash.sys" author = "Florian Roth" id = "f8e2c69d-d3fb-58f8-bc03-3ad5ce67f0bf" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10911-L10930" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11020-L11039" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "afdd66562dea51001c3a9de300f91fc3eb965d6848dfce92ccb9b75853e02508" logic_hash = "f23537a1efc5e13efb9e145d6c04bb21c3dc7cd49d1913755528f08b94c316ac" score = 40 
@@ -226611,11 +227050,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_F85E : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "43ea92d7-a820-5ccc-b37f-05b96ead1246" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10933-L10952" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11042-L11061" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f85eb576acb5db0d2f48e5f09a7244165a876fa1ca8697ebb773e4d7071d4439" logic_hash = "71bef9b60efad8f7bc149d93b94c37e59fd42f01ee01d7964c39ef0d79b997e0" score = 40 
@@ -226641,11 +227080,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Vektortsecurityservice_Vboxdrv_Antidetectpublicb description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxDrv.sys" author = "Florian Roth" id = "1ee8489d-ef29-5d5b-80f5-8f0a206eda3f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10955-L10974" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11064-L11083" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "26f41e4268be59f5de07552b51fa52d18d88be94f8895eb4a16de0f3940cf712" logic_hash = "913dc412be3eaa31903d3fac94e07174789bb746bb382a5f1c08fea50541f6c6" score = 40 
@@ -226671,11 +227110,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_3C42 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "e4c649d8-941e-57d8-9193-a7e5c3de4671" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10977-L10996" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11086-L11105" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3c4207c90c97733fae2a08679d63fbbe94dfcf96fdfdf88406aa7ab3f80ea78f" logic_hash = "b3e67939d8f6e6121c3d36dfe5ccb01c9cd2a2d5488053a9834c7cb147ac250e" score = 40 
@@ -226701,11 +227140,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asustekcomputerinc_Atsziosys_Atsziodriver_55A1 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ATSZIO.sys" author = "Florian Roth" id = "3bd64a09-bfa9-5b87-8048-60e61c1a61f7" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L10999-L11019" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11108-L11128" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "55a1535e173c998fbbc978009b02d36ca0c737340d84ac2a8da73dfc2f450ef9" hash = "c64d4ac416363c7a1aa828929544d1c1d78cf032b39769943b851cfc4c0faafc" logic_hash = "a6c5fd6c88e08f663479840ae853a0dd22427d0059f0c6aa961dcc1a395dacce" 
@@ -226732,11 +227171,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Sbiosiosys_Samsungrbiosio description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - SBIOSIO64.sys" author = "Florian Roth" id = "d2eed5da-ca7c-5ae3-ab44-2a49f43ec409" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11022-L11042" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11131-L11151" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b3d1bdd4ad819b99870b6e2ed3527dfc0e3ce27b929ad64382b9c3d4e332315c" hash = "442d506c1ac1f48f6224f0cdd64590779aee9c88bdda2f2cc3169b862cba1243" logic_hash = "5bcc568a4f4edc03e51801c4b256b34ed7f7ae08b7e00ca3f4bd7559502e3c76" 
@@ -226763,11 +227202,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sisoftware_Sandra_Sisoftwaresandra_1AAF : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - sandra.sys" author = "Florian Roth" id = "9fc423bb-451b-52e8-ba81-7113cd1621c8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11045-L11064" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11154-L11173" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1aaf4c1e3cb6774857e2eef27c17e68dc1ae577112e4769665f516c2e8c4e27b" logic_hash = "e441204be274ce4379526096008b545e2a53b11c26c270c2df0c1f70b98d1e57" score = 40 
@@ -226793,11 +227232,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - DcProtect.sys" author = "Florian Roth" id = "4be3fa3a-dec2-5906-99b0-024c8ed059a5" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11067-L11086" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11176-L11195" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1698ba7eeee6ff9272cc25b242af89190ff23fd9530f21aa8f0f3792412594f3" logic_hash = "be362e0f19f3565a77b1dbd78ea04f85b7f56fd6889d8fa48ed9ded25134bc2e" score = 40 
@@ -226823,11 +227262,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Aegis_C901 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "a1c33a78-bef9-59fc-8976-876c1fe68aff" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11089-L11108" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11198-L11217" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c9014b03866bf37faa8fdb16b6af7cfec976aaef179fd5797d0c0bf8079d3a8c" logic_hash = "2320a0cc02aa28c6495f553b2c7c9c0486599e510d8378dfb3f15b988ff90983" score = 40 
@@ -226853,11 +227292,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Symanteccorporation_Vproeventmonitorsys_Symantec description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VProEventMonitor.sys" author = "Florian Roth" id = "84fa4df8-ac81-5de0-994d-9d754642a01e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11111-L11130" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11220-L11239" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7877c1b0e7429453b750218ca491c2825dae684ad9616642eff7b41715c70aca" logic_hash = "693ace66d01afcdd61fe23a3baa8b950153d38bdc386a43861005654c269cd3d" score = 40 
@@ -226883,11 +227322,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Wj_Kprocesshacker_C725 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - kprocesshacker.sys" author = "Florian Roth" id = "53a8740a-65a5-5eb5-afc5-b86058982071" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11133-L11151" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11242-L11260" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c725919e6357126d512c638f993cf572112f323da359645e4088f789eb4c7b8c" logic_hash = "78c3a92f79cbbc31d9191da527bf834e366454f1b5109600aca7954ca4e77226" score = 40 
@@ -226912,11 +227351,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpot_Avastantivirus_7AD0 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "e9db51b4-48a2-53a9-999d-5676d0a4aa91" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11154-L11173" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11263-L11282" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "7ad0ab23023bc500c3b46f414a8b363c5f8700861bc4745cecc14dd34bcee9ed" logic_hash = "2cfb950364b5259679e0dcc7ebe34fd6703ae376b5e1717428a88f0c2ba823f5" score = 40 
@@ -226942,11 +227381,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_83A1 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "5164ae7c-795d-55fd-837a-e45a054fdd3e" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11176-L11195" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11285-L11304" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "83a1fabf782d5f041132d7c7281525f6610207b38f33ff3c5e44eb9444dd0cbc" logic_hash = "16b76760cc8831b7e53cb5f12625cd1dcd059253aa195d763011ccc1cf48a2c5" score = 40 
@@ -226972,11 +227411,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_C082 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "36d4d011-edf0-53e8-9665-b75520140df3" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11198-L11217" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11307-L11326" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c082514317bf80a2f5129d84a5a55e411a95e32d03a4df1274537704c80e41dd" logic_hash = "de63522d95ff422588d388c3533e268bd09fcf895d60277b7f7470ca7b1e9a33" score = 40 
@@ -227002,11 +227441,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Creativetechnologyinnovationcoltd_Ctiiosys_Ctiio description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - CtiIo64.sys" author = "Florian Roth" id = "3cc780a4-7b9c-516e-91a1-705f785922d2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11220-L11239" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11329-L11348" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "2121a2bb8ebbf2e6e82c782b6f3c6b7904f686aa495def25cf1cf52a42e16109" logic_hash = "58b715cbea724f7d8f946f613ec35fc3bf29cc34c1e32ebc2910d73092f96d83" score = 40 
@@ -227032,11 +227471,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Ssmartsoftwaresolutionsgmbh_Sysdrvs_Sysdrvs_0E53 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - SysDrv3S.sys" author = "Florian Roth" id = "9ace902a-a3bf-56fa-8eb8-99a82c1adf0b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11242-L11261" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11351-L11370" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0e53b58415fa68552928622118d5b8a3a851b2fc512709a90b63ba46acda8b6b" logic_hash = "4d165a6f340f31b18e62ae9f35dd1c5e278217b949e6162119f0e512a262dc38" score = 40 
@@ -227062,11 +227501,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_14AD : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "0501fc8b-cc72-5c03-97cf-411051119ccf" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11264-L11283" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11373-L11392" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "14adbf0bc43414a7700e5403100cff7fc6ade50bebfab16a17acf2fdda5a9da8" logic_hash = "157a559b87310d33a96c77208afd4ae9ceea23df99417408e413dee0be507dd3" score = 40 
@@ -227092,11 +227531,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Marvintestsolutionsinc_Hwsys_Hw_0483 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - hw.sys" author = "Florian Roth" id = "cfcc8aa0-6fde-56bd-8422-b9cbb559adce" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11286-L11305" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11395-L11414" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0483b32f9544e9c3cc3f206e7bc983ea83f5a9ca44864f2af9b8fc10ff45949f" logic_hash = "30c9579c3df11a77899bab8bc0782ee00bf5cb8f08d10925a19de82c609b8373" score = 40 
@@ -227122,11 +227561,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Geintelligentplatformsinc_Gedevicedriver_Proficy description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - GEDevDrv.SYS" author = "Florian Roth" id = "d90e2248-2b47-51d5-a3d2-06a7b61bc95d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11308-L11328" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11417-L11437" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "cac5dc7c3da69b682097144f12a816530091d4708ca432a7ce39f6abe6616461" hash = "51145a3fa8258aac106f65f34159d23c54b48b6d54ec0421748b3939ab6778eb" logic_hash = "f3c26142b2f18490c79ea7a658397b9c029286a3040bf2159e3fcc76c4bbd788" 
@@ -227153,11 +227592,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrserverddkprovider_Cpuzsys_Windowsrserver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - cpuz_x64.sys" author = "Florian Roth" id = "ddcb8217-640d-598d-9afd-a1c15d1bbb8c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11331-L11350" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11440-L11459" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "3871e16758a1778907667f78589359734f7f62f9dc953ec558946dcdbe6951e3" logic_hash = "5613c77f79128bc7ac3bbe698dcd8be2fca2f59cb60a40ed97f0c80ba9aff690" score = 40 
@@ -227183,11 +227622,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Lowleveldriver_F941 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - GPU-Z.sys" author = "Florian Roth" id = "a65168c0-5f0e-5871-867b-bab6f42b3c21" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11353-L11369" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11462-L11478" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "f9418b5e90a235339a4a1a889490faca39cd117a51ba4446daa1011da06c7ecd" logic_hash = "fdc81fdc11ac6db386f4c41c2c34ab9dbd8dd93836a6a91b9412288eca7f0411" score = 40 
@@ -227210,11 +227649,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_37C6 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iqvw64e.sys, iQVW64.SYS, IQVW32.sys, NalDrv.sys" author = "Florian Roth" id = "f4b17a75-3160-5a73-afe6-531c41fae197" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11372-L11391" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11481-L11500" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "37c637a74bf20d7630281581a8fae124200920df11ad7cd68c14c26cc12c5ec9" logic_hash = "7ab6c3fe4c9cd61c171a71d631a8efc34121bac85e1abf5f281b150f4b6a77a5" score = 40 
@@ -227240,11 +227679,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Toshibacorporation_Nchgbiosxsys_Toshibabiospacka description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - NCHGBIOS2x64.SYS" author = "Florian Roth" id = "c0a7d14e-65aa-51e1-a2c1-88a7c56dce57" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11394-L11413" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11503-L11522" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "314384b40626800b1cde6fbc51ebc7d13e91398be2688c2a58354aa08d00b073" logic_hash = "ce2da14c74299d4ad3ab5b882de8bfe810444f21711f2417291bd0298a480e71" score = 40 
@@ -227270,11 +227709,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_5439 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "f35db7b6-8a4b-5c26-9e00-da5c1c7780e8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11416-L11433" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11525-L11542" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "543991ca8d1c65113dff039b85ae3f9a87f503daec30f46929fd454bc57e5a91" hash = "ab2632a4d93a7f3b7598c06a9fdc773a1b1b69a7dd926bdb7cf578992628e9dd" logic_hash = "d43a364d3f39951140fa3b3395f1d74c306558a6c6946f665873e72377345949" 
@@ -227298,11 +227737,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "cd4dd891-8d86-5afa-83ed-1ad0997608de" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11436-L11455" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11545-L11564" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "30abc0cc700fdebc74e62d574addc08f6227f9c7177d9eaa8cbc37d5c017c9bb" logic_hash = "7e1f69495559ca298a05ef6fb3817799b09d66013bae574ec585d27ef89b4dcc" score = 40 
@@ -227328,11 +227767,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Zemanaltd_Zam_DE8F : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - zam64.sys, zamguard32.sys, zamguard64.sys" author = "Florian Roth" id = "245da08c-d629-53cb-83fb-476f4fdd1512" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11458-L11474" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11567-L11583" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "de8f8006d8ee429b5f333503defa54b25447f4ed6aeade5e4219e23f3473ef1c" logic_hash = "0cb5b26dd0cd26c77df642ea6bfffdcede293cdb1ecc15430241ab538f835162" score = 40 
@@ -227355,11 +227794,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Nvidiacorp_Nvoclocksys_Nvidiasystemutilitydriver description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - nvoclock.sys" author = "Florian Roth" id = "00b4e2c2-cb2b-5de7-be7f-67fd1ed5bb1f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11477-L11496" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11586-L11605" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "0fc0644085f956706ea892563309ba72f0986b7a3d4aa9ae81c1fa1c35e3e2d3" logic_hash = "be5fef829971251225d9cbb72d173affd394c8cce6116b0b705c4b02409b6096" score = 40 
@@ -227385,11 +227824,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Supermicrocomputerinc_Phymem_Phymem_1963 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - phymem64.sys" author = "Florian Roth" id = "19673477-eb54-52d7-886e-ebf3216aa77b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11499-L11518" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11608-L11627" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1963d5a0e512b72353953aadbe694f73a9a576f0241a988378fa40bf574eda52" logic_hash = "8f4cdca4c4bc91f216ee3d89093d482d6e56623a159c3eae6debc388cb9d108f" score = 40 
@@ -227415,11 +227854,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sysinternalswwwsysinternalscom_Procexpsys_Proces description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - procexp.Sys" author = "Florian Roth" id = "826ee893-06af-5dee-9436-ec3ea7ddd8d9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11521-L11541" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11630-L11650" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "16a2e578bc8683f17a175480fea4f53c838cfae965f1d4caa47eaf9e0b3415c1" hash = "98a123b314cba2de65f899cdbfa386532f178333389e0f0fbd544aff85be02eb" logic_hash = "ee91ed74d1577bc881a029a6790de6d41e0b9494bfeeceec4511b3d8b7c5cff2" 
@@ -227446,11 +227885,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Vektortsecurityservice_Vboxdrv_Antidetectpublic_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxDrv.sys" author = "Florian Roth" id = "e80a43d2-d96f-5fed-a5e1-3e1ea617542a" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11544-L11563" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11653-L11672" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "cfb7af8ac67a379e7869289aeee21837c448ea6f8ab6c93988e7aa423653bd40" logic_hash = "8611a572b8366722e237d622b3701072f564f13a73dd71899dbde6faeab73ef8" score = 40 
@@ -227476,11 +227915,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Sunmicrosystemsinc_Vboxdrvsys_Sunvirtualbox_R_C8 description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxDrv.sys" author = "Florian Roth" id = "b4cef531-b146-5c20-b429-a90beaad5712" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11566-L11585" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11675-L11694" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "c8940e2e9b069ec94f9f711150b313b437f8429f78d522810601b6ee8b52bada" logic_hash = "4f0a6ffa08a2c219e47c6ae13f6cc6914fe7d0dccb0273bf0905dd9a71eb439f" score = 40 
@@ -227506,11 +227945,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Pinduoduoltdcorp_Vboxdrv_Pinduoduosecurevdi_9DAB description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - VBoxDrv.sys" author = "Florian Roth" id = "44e2c561-b9f4-5840-9e0c-53ffee5a3bd1" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11588-L11607" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11697-L11716" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9dab4b6fddc8e1ec0a186aa8382b184a5d52cfcabaaf04ff9e3767021eb09cf4" logic_hash = "894060011b20c84849499127305d8f1d45621c5893f74d59c9278067a329a4d2" score = 40 
@@ -227536,11 +227975,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Tgsoftsas_Viragtsys_Viritagentsystem_18DE : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - viragt64.sys" author = "Florian Roth" id = "c3b0b3b0-9281-5d90-bf26-6c4c46c4143b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11610-L11629" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11719-L11738" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "18deed37f60b6aa8634dda2565a0485452487d7bce88afb49301a7352db4e506" logic_hash = "d01aeb1783377e6067976e6955e63495706c96c8d6c113b393a47e6fe17992f0" score = 40 
@@ -227566,11 +228005,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "4affbef6-26ac-5087-a881-32fad34fd192" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11632-L11651" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11741-L11760" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8cfd5b2102fbc77018c7fe6019ec15f07da497f6d73c32a31f4ba07e67ec85d9" logic_hash = "5bc5d8a6cd02e9a684515ea333084c788353641cb29ff08f18a1066d533cf0ed" score = 40 
@@ -227596,11 +228035,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_D5C4 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "9994e1c0-b86b-578d-8002-554584e1de2b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11654-L11673" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11763-L11782" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "d5c4ff35eaa74ccdb80c7197d3d113c9cd38561070f2aa69c0affe8ed84a77c9" logic_hash = "d6ad094f2e26ff574917770a94af31110f2ed68e47ee082ad4adfcd7376679a5" score = 40 
@@ -227626,11 +228065,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Wj_Kprocesshacker_7021 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - kprocesshacker.sys" author = "Florian Roth" id = "dd2a2bfd-12be-5cdb-8293-c51220015bd9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11676-L11694" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11785-L11803" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "70211a3f90376bbc61f49c22a63075d1d4ddd53f0aefa976216c46e6ba39a9f4" logic_hash = "e5d17a5b57183c3a27815b5b64014e9d95f49129cd451c62380ba8e1b4d25be6" score = 40 
@@ -227655,11 +228094,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Trendmicroinc_Tmcommsys_Trendmicroeyes_76E8 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - TmComm.sys" author = "Florian Roth" id = "2d26b107-7fcb-5acd-94e4-ed18c399ad66" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11697-L11716" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11806-L11825" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "76e807b6c0214e66455f09a8de8faad40b738982ca84470f0043de0290449524" logic_hash = "0a9822cd471bb7fdaab454e824e31e1dcd685f9226c4fa34af4f13dd228dc97b" score = 40 
@@ -227685,11 +228124,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Paragonsoftwaregmbh_Biontdrv_Paragonsystemutilit description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - BioNTdrv.sys" author = "Florian Roth" id = "e9f2040c-7222-5513-b8c5-9917beb2cf58" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11719-L11737" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11828-L11846" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "174c8d771d31d70fc95448e961a395f5ceb7658f0cc381a718fb3b854cde4efe" logic_hash = "7476011ce35a732c1bd404636bacf63503e88e0463729041aa11221b92cc8d97" score = 40 
@@ -227714,11 +228153,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_5148 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "8685ea34-689e-5b00-8aeb-8f15dd7b3f25" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11740-L11759" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11849-L11868" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "51480eebbbfb684149842c3e19a8ffbd3f71183c017e0c4bc6cf06aacf9c0292" logic_hash = "b36414a71e9bd69512ef0c702bf4f7b4bfdb812326a67a0e50f6f75f5c89c152" score = 40 
@@ -227744,11 +228183,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Biostargroup_Iodriver_Biostariodriver_1D03 : FIL description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - BS_HWMIO64_W10.sys" author = "Florian Roth" id = "ea157129-3347-5ba0-a115-928b4aef345f" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11762-L11781" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11871-L11890" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "1d0397c263d51e9fc95bcc8baf98d1a853e1c0401cd0e27c7bf5da3fba1c93a8" logic_hash = "26e886b28b40a920558a652197a0d7a31fc5f7b239d3886fdf0f44da4590dabb" score = 40 
@@ -227774,11 +228213,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avgtechnologiesczsro_Aswarpotsys_Avginternetsecu description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "ec02c434-7918-5212-85f6-5ee417940b7c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11784-L11803" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11893-L11912" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e2e79f1e696f27fa70d72f97e448081b1fa14d59cbb89bb4a40428534dd5c6f6" logic_hash = "9f77c427b54f1a940547cfc206b8d1aed0288d0664a5a124785c7fcec7b90507" score = 40 
@@ -227804,11 +228243,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - DcProtect.sys" author = "Florian Roth" id = "d5d84ed9-f0c5-54a8-8a7d-0006c1c98f1d" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11806-L11825" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11915-L11934" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "b2247e68386c1bdfd48687105c3728ebbad672daffa91b57845b4e49693ffd71" logic_hash = "e1d35eb3ea6012cf8b742e97f08d797b4fd64bcc72bd7ebccb8ca33f11afad67" score = 40 
@@ -227834,11 +228273,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Intelcorporation_Iqvwsys_Intelriqvwsys_5F69 : FI description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - iQVW64.SYS" author = "Florian Roth" id = "04fdd9f7-605b-54ee-849d-44a50ef732d2" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11828-L11847" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11937-L11956" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5f69d6b167a1eeca3f6ac64785c3c01976ee7303171faf998d65852056988683" logic_hash = "0242a0398f90468dfc41eb04570a70d5072fe089b270feb1f5ab7fbd2c7a1ffc" score = 40 
@@ -227864,11 +228303,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Ngiodriversys_Avastng_5E3B : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - ngiodriver.sys" author = "Florian Roth" id = "f454f9bf-3dd3-5bb1-a5b5-c00f5356bd25" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11850-L11869" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11959-L11978" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "5e3bc2d7bc56971457d642458563435c7e5c9c3c7c079ef5abeb6a61fb4d52ea" logic_hash = "893fe9de3a164fd33483d139e76db4c213c402f276bd285c9acefd76da1d2f38" score = 40 
@@ -227894,11 +228333,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Windowsrwinddkprovider_Dcprotectsys_Dcprotectrwi description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - DcProtect.sys" author = "Florian Roth" id = "38c59d28-a35d-57f5-ad0e-7822e3381b53" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11872-L11891" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L11981-L12000" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9dee9c925f7ea84f56d4a2ad4cf9a88c4dac27380887bf9ac73e7c8108066504" logic_hash = "e7f65896009629498b16fdacd7dcdaafae8336365e621f791e880c108bbab75b" score = 40 
@@ -227924,11 +228363,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_9679 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "a1b5efd0-2dd2-5c54-86b6-12684d6ea56b" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11894-L11913" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L12003-L12022" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "9679758455c69877fce866267d60c39d108b495dca183954e4af869902965b3d" logic_hash = "fa486cd644c20c827abc8568933d8537c254cff445f2aef520775e119b6db067" score = 40 
@@ -227954,11 +228393,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Elaboratebytesag_Elbycdio_Cdrtools_8137 : FILE description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - elbycdio.sys" author = "Florian Roth" id = "0e696bff-b5da-5116-a5a7-341b6c3098b8" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11916-L11935" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L12025-L12044" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8137ce22d0d0fc5ea5b174d6ad3506a4949506477b1325da2ccb76511f4c4f60" logic_hash = "cd4ace0ee1000ec8367bdca57423f311d0993d54359e4b3ca6a503738ba07b3b" score = 40 
@@ -227984,11 +228423,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Asmediatechnologyinc_Asmiosys_Asmediapcidriver_E description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - AsmIo64.sys" author = "Florian Roth" id = "196ff2dc-bbf5-5728-bcc9-29fa774b1e84" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11938-L11957" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L12047-L12066" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "e4658d93544f69f5cb9aa6d9fec420fecc8750cb57e1e9798da38c139d44f2eb" logic_hash = "93c9c472f0664eabf5aeba70babe66f974fd79eaf37b65987c396e35faea4d4b" score = 40 
@@ -228014,11 +228453,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Paragonsoftwaregmbh_Biontdrv_Paragonsystemutilit description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - BioNTdrv.sys" author = "Florian Roth" id = "4c894211-9f20-562f-9e96-49c39fa690bf" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11960-L11978" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L12069-L12087" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "fb0dbc3b9c897b7571b94fb2203ffb1ac0facfe366b2cb1f91904ea5335018f0" logic_hash = "1595824ab80a148d35a7dd7b389e14a6a2d7626e0ed7a49956a2574ff41f8b50" score = 40 
@@ -228043,11 +228482,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Pulsesecurellc_Neofltr_Secureapplicationmanager_ description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - jnprva.sys, neofltr.sys" author = "Florian Roth" id = "64001b48-e8f6-562c-ba15-0fe98882781c" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L11981-L12000" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L12090-L12109" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "8dbc28fefb8cf9377be55a7c6062988df5a24f0ff475f6dd65cf07fe5173f51d" logic_hash = "2bd8b8400552d8a0d8aced78dc5ca87f69d6495229d3eae7eb4a1e63a218cf3f" score = 40 
@@ -228073,11 +228512,11 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_4DA0 : description = "Detects vulnerable driver mentioned in LOLDrivers project using VersionInfo values from the PE header - aswArPot.sys, avgArPot.sys" author = "Florian Roth" id = "bde91bb0-9211-5fea-b725-d556c5a3ccc9" - date = "2025-07-03" - modified = "2025-07-05" + date = "2025-09-18" + modified = "2025-09-18" reference = "https://github.com/magicsword-io/LOLDrivers" - source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/detections/yara/yara-rules_vuln_drivers_strict.yar#L12003-L12022" - license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cad627f8aeb44e27f87c4cdc9033f80fcf73fb33/LICENSE" + source_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/detections/yara/yara-rules_vuln_drivers_strict.yar#L12112-L12131" + license_url = "https://github.com/magicsword-io/LOLDrivers//blob/cd02284889343e13b85c860dac34c146409219b1/LICENSE" hash = "4da08c0681fbe028b60a1eaf5cb8890bd3eba4d0e6a8b976495ddcd315e147ba" logic_hash = "c8f2c5a171d1a7192a2eaeae0ab70ce97956b93e68db7a41265e54480bd582f1" score = 40 @@ -228101,7 +228540,7 @@ rule LOLDRIVERS_PUA_VULN_Driver_Avastsoftware_Aswarpotsys_Avastantivirus_4DA0 : * YARA Rule Set * Repository Name: SEKOIA * Repository: https://github.com/SEKOIA-IO/Community - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: a47734fa931e56f8646dab2abf31629431982429 * Number of Rules: 746 * Skipped: 0 (age), 3 (quality), 0 (score), 0 (importance) @@ -231600,7 +232039,7 @@ rule SEKOIA_Implant_Win_Flagpro : FILE license_url = "https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/LICENSE.md" logic_hash = "eb1aba9924af474d6d890572a9bf72e0d1aa5dc31dd4cc34648195b0207ab4d6" score = 75 - quality = 55 + quality = 80 tags = "FILE" version = "1.0" classification = "TLP:CLEAR" 
@@ -235584,7 +236023,7 @@ rule SEKOIA_Emmenhtal_Strings_Hta_Exe : FILE hash = "e86a22f1c73b85678e64341427c7193ba65903f3c0f29af2e65d7c56d833d912" logic_hash = "93f85a4ccb58c6aeb664c4c843ff80a4ab7b4308a944537f7ebe087515a61659" score = 75 - quality = 55 + quality = 80 tags = "FILE" version = "1.0" classification = "TLP:CLEAR" @@ -235856,7 +236295,7 @@ rule SEKOIA_Technique_Csv_Dde_Exec_Regex : FILE license_url = "https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/LICENSE.md" logic_hash = "fd4c64ad094b8ed543cc6990f2e4f341bb38ba0b4d335347e5676475da94dc06" score = 75 - quality = 28 + quality = 53 tags = "FILE" version = "1.0" classification = "TLP:CLEAR" @@ -237258,7 +237697,7 @@ rule SEKOIA_Infostealer_Win_Solarmarker_Powershell : FILE license_url = "https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/LICENSE.md" logic_hash = "32267cf7e03ed65da969aeeff5ef5d7291e47446ea11a4b391f085967e8aa67d" score = 75 - quality = 55 + quality = 80 tags = "FILE" version = "1.0" classification = "TLP:CLEAR" @@ -242129,7 +242568,7 @@ rule SEKOIA_Loader_Win_Purecrypter : FILE license_url = "https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/LICENSE.md" logic_hash = "5d0d733a4f8447d2d51656a20640fc9482581e19ba1d53fed7d98e85bb748763" score = 75 - quality = 55 + quality = 80 tags = "FILE" version = "1.0" classification = "TLP:CLEAR" @@ -242403,7 +242842,7 @@ rule SEKOIA_Loader_Win_Batloader_Scripts : FILE license_url = "https://github.com/SEKOIA-IO/Community/blob/a47734fa931e56f8646dab2abf31629431982429/LICENSE.md" logic_hash = "aab6c7780bbc7bed8994b4e70129107bb7b719642fae92b1d3f9146eb11efabc" score = 75 - quality = 55 + quality = 80 tags = "FILE" version = "1.0" classification = "TLP:CLEAR" 
@@ -251109,7 +251548,7 @@ rule SEKOIA_Backdoor_Powershellempire_Gen : FILE * YARA Rule Set * Repository Name: Synacktiv * Repository: https://github.com/synacktiv/synacktiv-rules - * Retrieval Date: 2025-09-07 + * Retrieval Date: 2025-09-21 * Git Commit: 81b4591c31165a77783671ea63d64ac79c2e84c7 * Number of Rules: 3 * Skipped: 0 (age), 0 (quality), 0 (score), 0 (importance) @@ -251315,10 +251754,10 @@ rule SYNACKTIV_SYNACKTIV_WEBSHELL_ASPX_Suo5_May25 : WEBSHELL COMMODITY FILE * YARA Rule Set * Repository Name: Signature Base * Repository: https://github.com/Neo23x0/signature-base - * Retrieval Date: 2025-09-07 - * Git Commit: 246b83ab6e030ba699da86296b851027328a9e98 - * Number of Rules: 4366 - * Skipped: 0 (age), 9 (quality), 4 (score), 0 (importance) + * Retrieval Date: 2025-09-21 + * Git Commit: e1e4eeda2287ab19e4f674bafa0049e43f12605e + * Number of Rules: 4370 + * Skipped: 0 (age), 7 (quality), 4 (score), 0 (importance) * * * LICENSE @@ -251372,8 +251811,8 @@ private rule SIGNATURE_BASE_Hatman_Mftmsr_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L65-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L65-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a03a3f5c583843acb216a8edefceaa1e89248fe72db49bcd906d2183998b1674" score = 75 quality = 85 
@@ -251397,8 +251836,8 @@ private rule SIGNATURE_BASE_Hatman_Origcode_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L58-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L58-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f6286e084bdbf3e2730a1aa3b7e302c1611c987447e083780e2d03000d1d226e" score = 75 quality = 85 @@ -251420,8 +251859,8 @@ private rule SIGNATURE_BASE_Hatman_Loadoff_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L74-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L74-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "70d33c40b919d1852eded8c4afa96978c8b4503f95fb4a48e1d8b89864b77d38" score = 75 quality = 85 
@@ -251445,8 +251884,8 @@ private rule SIGNATURE_BASE_Hatman_Origaddr_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L51-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L51-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e9f775326dc0496662fbec98438e0273c51a88a434542dfcabd6e8b11131ab3e" score = 75 quality = 85 @@ -251468,8 +251907,8 @@ private rule SIGNATURE_BASE_Hatman_Memcpy_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L29-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L29-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1e1566cc09e1ddd70cdb3b199f6972931f84a29ae2ef4815a5ecf1fe42afe42b" score = 75 quality = 85 
@@ -251493,8 +251932,8 @@ private rule SIGNATURE_BASE_Hatman_Nullsub_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L45-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L45-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7e7a7494e68450a03aeddfaa1fd0a3fb3cff06684d5bb0c4615571e698293fe3" score = 75 quality = 85 @@ -251515,8 +251954,8 @@ private rule SIGNATURE_BASE_Hatman_Dividers_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L38-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L38-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "92ec47ea81b78ec9b05f5c17164daaef7112c8590b4443f70cf3bf2efd108e1f" score = 75 quality = 85 
@@ -251538,8 +251977,8 @@ private rule SIGNATURE_BASE_Hatman_Setstatus_PRIVATE : HATMAN date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L21-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L21-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "264292bbc479413bf70f05b96bcea3c856906eb8c711720831bea9b887a7ffb0" score = 75 quality = 85 @@ -251562,8 +252001,8 @@ rule SIGNATURE_BASE_Eternalrocks_Taskhost : FILE date = "2017-05-18" modified = "2023-12-05" reference = "https://twitter.com/stamparm/status/864865144748298242" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_eternalrocks.yar#L12-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_eternalrocks.yar#L12-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "45e5295f34280078c586c4cb643dba65aed63beffb1d6ded05de03403caf273a" score = 75 quality = 85 
@@ -251590,8 +252029,8 @@ rule SIGNATURE_BASE_Eternalrocks_Svchost : FILE date = "2017-05-18" modified = "2023-12-05" reference = "https://twitter.com/stamparm/status/864865144748298242" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_eternalrocks.yar#L32-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_eternalrocks.yar#L32-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "989df6d582949adbc4e0e2063c99d9ad83c367cedae1030dc23aade091216602" score = 75 quality = 85 @@ -251617,8 +252056,8 @@ rule SIGNATURE_BASE_Sliver_Implant_32Bit_1 date = "2022-11-18" modified = "2025-03-21" reference = "https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_gcti_sliver.yar#L26-L94" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_gcti_sliver.yar#L26-L94" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "911f4106350871ddb1396410d36f2d2eadac1166397e28a553b28678543a9357" logic_hash = "3fec6fbba86a24b395e58f02fb35a60b1b9a4b941b4d85c060cc6159c6aa8265" score = 75 
@@ -251648,8 +252087,8 @@ rule SIGNATURE_BASE_Sliver_Implant_64Bit_1 date = "2022-11-18" modified = "2025-03-21" reference = "https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_gcti_sliver.yar#L112-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_gcti_sliver.yar#L112-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2d1c9de42942a16c88a042f307f0ace215cdc67241432e1152080870fe95ea87" logic_hash = "ccfd944a5bc6521c89d44572910e2998e2404d472a593f9d97224d606d247bcd" score = 75 @@ -251678,8 +252117,8 @@ rule SIGNATURE_BASE_Octowave_Installer_03_2025 : FILE date = "2025-03-28" modified = "2025-04-08" reference = "https://x.com/CyberRaiju/status/1893450184224362946?t=u0X6ST2Qgnrf-ujjphGOSg&s=19" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_octowave_installer_mar25.yar#L1-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_octowave_installer_mar25.yar#L1-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "14b6247cf619ecb8f14fc0a860fa4285e58db2defa15488cda1b2431b3e3e980" score = 75 quality = 60 
@@ -251718,8 +252157,8 @@ rule SIGNATURE_BASE_Sharpcat : FILE date = "2016-06-10" modified = "2023-12-05" reference = "https://github.com/Cn33liz/SharpCat" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_sharpcat.yar#L8-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_sharpcat.yar#L8-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4a38812b07b40bdde03049dbff1f9de38cadaf9941ab8b40b84016b1d5cbfd51" score = 75 quality = 85 @@ -251744,8 +252183,8 @@ rule SIGNATURE_BASE_MAL_WIPER_Unknown_Jun25 : FILE date = "2025-06-19" modified = "2025-07-01" reference = "https://x.com/cyb3rops/status/1935707307805134975" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_wipers_jun25.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_wipers_jun25.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "64569f65814d63e55ea938e3dd9bd359da4597328887bdacf37bb5545ea32424" score = 75 quality = 35 
@@ -251769,8 +252208,8 @@ rule SIGNATURE_BASE_SUSP_LNX_SH_Disk_Wiper_Script_Jun25 : FILE date = "2025-06-19" modified = "2025-07-01" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_wipers_jun25.yar#L23-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_wipers_jun25.yar#L23-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "99a0a393c2a636c10195c7ad85f3b282a30ba05fbc0f0db7fc04b0f79fbc6760" score = 65 quality = 85 @@ -251794,8 +252233,8 @@ rule SIGNATURE_BASE_SUSP_PY_Pyinstaller_Swiper_Jun25 : FILE date = "2025-06-19" modified = "2025-07-01" reference = "https://x.com/cyb3rops/status/1935707307805134975" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_wipers_jun25.yar#L41-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_wipers_jun25.yar#L41-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "824bdda031336b2d9a60b09bfa36e68a2e03159b217c9c25dd708df454144e1e" score = 65 quality = 85 
@@ -251820,8 +252259,8 @@ rule SIGNATURE_BASE_APT_MAL_IR_Druidfly_Wiper_Jun25 : FILE date = "2025-06-21" modified = "2025-07-01" reference = "https://x.com/threatintel/status/1936049254432231444" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_wipers_jun25.yar#L61-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_wipers_jun25.yar#L61-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9d3872506b03ea03a2c3cd7304c6b2d9dfafa04a29e19dc9be4924eaaa5db2d6" score = 80 quality = 85 @@ -251849,8 +252288,8 @@ rule SIGNATURE_BASE_Ransom_Lockergoga_Mar19_1 : FILE date = "2019-03-19" modified = "2023-12-05" reference = "https://www.nrk.no/norge/skreddersydd-dobbeltangrep-mot-hydro-1.14480202" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_lockergoga.yar#L2-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_lockergoga.yar#L2-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "076d799113f5bf6c00aa29895cca83ff86e89706cf15ca6971a991d345d0ad65" score = 75 quality = 85 
@@ -251884,14 +252323,14 @@ rule SIGNATURE_BASE_MAL_ZIP_Socgholish_Mar21_1 : ZIP JS SOCGHOLISH FILE date = "2021-03-29" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_socgholish.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_socgholish.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4f6566c145be5046b6be6a43c64d0acae38cada5eb49b2f73135b3ac3d6ba770" hash = "54f756fbf8c20c76af7c9f538ff861690800c622d1c9db26eb3afedc50835b09" hash = "dfdbec1846b74238ba3cfb8c7580c64a0fa8b14b6ed2b0e0e951cc6a9202dd8d" logic_hash = "6621b029f65720e468bd167fcd7429a1f7ba8975298ddbd913b13fbe9e117df2" score = 75 - quality = 35 + quality = 60 tags = "ZIP, JS, SOCGHOLISH, FILE" strings: 
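Review bot: in the SIGNATURE_BASE_MAL_ZIP_Socgholish_Mar21_1 hunk the `quality` value moves from 35 to 60 while `logic_hash` and the three `hash` lines are unchanged and no `strings:` or `condition:` lines are touched, so nothing visible here explains the re-score; the PR description should state whether this comes from an upstream quality re-evaluation at commit e1e4eeda2287ab19e4f674bafa0049e43f12605e or from a local metadata edit, because consumers that filter or weight rules on `quality` will start treating this rule differently after the bump.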
@@ -251913,8 +252352,8 @@ rule SIGNATURE_BASE_EXT_MAL_JS_Socgholish_Mar21_1 : JS SOCGHOLISH FILE date = "2021-03-29" modified = "2023-01-02" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_socgholish.yar#L25-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_socgholish.yar#L25-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7ccbdcde5a9b30f8b2b866a5ca173063dec7bc92034e7cf10e3eebff017f3c23" hash = "f6d738baea6802cbbb3ae63b39bf65fbd641a1f0d2f0c819a8c56f677b97bed1" hash = "c7372ffaf831ad963c0a9348beeaadb5e814ceeb878a0cc7709473343d63a51c" @@ -251947,8 +252386,8 @@ rule SIGNATURE_BASE_Socgholish_JS_22_02_2022 : FILE date = "2022-02-22" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_socgholish.yar#L53-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_socgholish.yar#L53-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3e14d04da9cc38f371961f6115f37c30" hash = "dffa20158dcc110366f939bd137515c3" hash = "afee3af324951b1840c789540d5c8bff" 
@@ -251976,8 +252415,8 @@ rule SIGNATURE_BASE_Duqu1_5_Modules date = "2023-12-05" modified = "2023-12-05" reference = "https://medium.com/chronicle-blog/who-is-gossipgirl-3b4170f846c0" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_duqu1_5_modules.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_duqu1_5_modules.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bb3961e2b473c22c3d5939adeb86819eb846ccd07f5736abb5e897918580aace" logic_hash = "795107e227cfb73f6ea09fcdb078f8b57a30d47a2cb702b2d47cc936dea5ae9f" score = 75 @@ -252003,8 +252442,8 @@ rule SIGNATURE_BASE_APT_APT28_Generic_Poco_Openssl date = "2020-08-13" modified = "2023-12-05" reference = "https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt28_drovorub.yar#L1-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt28_drovorub.yar#L1-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b6a78c358b3aee6b172ec29e72ce810c6fbf332f180d5879f0889f47688225e1" score = 50 quality = 85 
@@ -252032,8 +252471,8 @@ rule SIGNATURE_BASE_APT_APT28_Drovorub_Library_And_Unique_Strings : FILE date = "2020-08-13" modified = "2023-12-05" reference = "https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt28_drovorub.yar#L23-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt28_drovorub.yar#L23-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "adb0d4cb6d589213e6a125d3cc20fcea8164b697bdd24d897ce75e7c7f06120a" score = 75 quality = 85 @@ -252060,8 +252499,8 @@ rule SIGNATURE_BASE_APT_APT28_Drovorub_Unique_Network_Comms_Strings date = "2020-08-13" modified = "2023-12-05" reference = "https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt28_drovorub.yar#L44-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt28_drovorub.yar#L44-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8c82766b76c36fe64c6aa99577e1997d7181dbd36a4c27329845ae8a413f5327" score = 75 quality = 85 
@@ -252098,8 +252537,8 @@ rule SIGNATURE_BASE_Cheshirecat_Sample2 : FILE date = "2015-08-08" modified = "2023-12-05" reference = "https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cheshirecat.yar#L11-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cheshirecat.yar#L11-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dc18850d065ff6a8364421a9c8f9dd5fcce6c7567f4881466cee00e5cd0c7aa8" logic_hash = "4dd299cfe36545dba5ccac22d2eedc405f548fe5f976514d1cfa8238b472782c" score = 70 @@ -252127,8 +252566,8 @@ rule SIGNATURE_BASE_Cheshirecat_Gen1 : FILE date = "2015-08-08" modified = "2023-12-05" reference = "https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cheshirecat.yar#L35-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cheshirecat.yar#L35-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d1bbda9340bc2d2fcefd6bf9a3c30fe0b99c66fb978b3a4583f17c521cfcf4b0" score = 90 quality = 85 
@@ -252173,8 +252612,8 @@ rule SIGNATURE_BASE_Cheshirecat_Gen2 : FILE date = "2015-08-08" modified = "2023-12-05" reference = "https://malware-research.org/prepare-father-of-stuxnet-news-are-coming/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cheshirecat.yar#L76-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cheshirecat.yar#L76-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3c5d6ce6cc09c416d3449f7f5fc09139ce9271b69d743832b4b2548682e4ddf1" score = 70 quality = 85 @@ -252213,8 +252652,8 @@ rule SIGNATURE_BASE_Gen_Macro_Shellexecute_Action : FILE date = "2019-01-08" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/1091170625698316288" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_macro_ShellExecute_action.yar#L1-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_macro_ShellExecute_action.yar#L1-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "da40175579f7d76d10ad0188851f111ba5d875ce990b2940166dd28eac2a742d" score = 75 quality = 85 
@@ -252249,8 +252688,8 @@ rule SIGNATURE_BASE_MAL_Netfilter_Dropper_Jun_2021_1_1 : FILE date = "2020-06-18" modified = "2023-12-05" reference = "https://twitter.com/struppigel/status/1405483373280235520" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_netfilter.yar#L4-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_netfilter.yar#L4-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b70eb5d2d234d0f523c41fa146f315cf7239bbe7a988b393e75ea6cf6aa438d3" score = 75 quality = 85 @@ -252280,8 +252719,8 @@ rule SIGNATURE_BASE_MAL_Netfilter_May_2021_1_1 : FILE date = "2020-06-18" modified = "2023-12-05" reference = "https://twitter.com/struppigel/status/1405483373280235520" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_netfilter.yar#L28-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_netfilter.yar#L28-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ba72bbc38c27d0c8d6eea7d513c3ca40276edd929c93abae4098639f7d7649a5" score = 75 quality = 83 
@@ -252313,11 +252752,11 @@ rule SIGNATURE_BASE_LOG_EXPL_Sharepoint_CVE_2023_29357_Sep23_1 : CVE_2023_29357 date = "2023-09-28" modified = "2023-10-01" reference = "https://twitter.com/Gi7w0rm/status/1706764212704591953?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sharepoint_cve_2023_29357.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sharepoint_cve_2023_29357.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "03e3a4715c8683dc8d03ad6720c1c9b40482bd0bfa3020aa1152565ec9ec929f" score = 70 - quality = 35 + quality = 85 tags = "CVE-2023-29357" strings: @@ -252335,8 +252774,8 @@ rule SIGNATURE_BASE_HKTL_EXPL_POC_PY_Sharepoint_CVE_2023_29357_Sep23_1 : CVE_202 date = "2023-10-01" modified = "2023-10-01" reference = "https://github.com/Chocapikk/CVE-2023-29357" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sharepoint_cve_2023_29357.yar#L22-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sharepoint_cve_2023_29357.yar#L22-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fec7762ab23ba5ee9e793000d080b1d64b93157c6ead9e6939ccfb3c168dd360" score = 80 quality = 85 
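Review bot: the SIGNATURE_BASE_LOG_EXPL_Sharepoint_CVE_2023_29357_Sep23_1 hunk raises `quality` from 35 to 85 with `logic_hash` unchanged and `modified = "2023-10-01"` untouched, so the hunk shows no change in the rule itself that would justify the much higher score; please record the reason in the commit message (for example a rescoring in the upstream quality check) and confirm that the strings and condition at the new pin are identical to the old pin, as the unchanged `logic_hash` implies, since a score jump of this size changes how the rule is ranked against the other CVE-2023-29357 rules in the same file.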
@@ -252357,8 +252796,8 @@ rule SIGNATURE_BASE_HKTL_EXPL_POC_NET_Sharepoint_CVE_2023_29357_Sep23_1 : CVE_20 date = "2023-10-01" modified = "2023-12-05" reference = "https://github.com/LuemmelSec/CVE-2023-29357" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sharepoint_cve_2023_29357.yar#L37-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sharepoint_cve_2023_29357.yar#L37-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cf621cc9c5074f531df61623b09db68478e94ae6a9a7acc26aa8d9dde79bd30c" score = 80 quality = 85 @@ -252386,8 +252825,8 @@ rule SIGNATURE_BASE_Wmimplant date = "2017-03-24" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2017/03/wmimplant_a_wmi_ba.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_wmi_implant.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_wmi_implant.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6422514d25b723e7ab92c1af1301e51d9a93aa41da98791d96c4754a91b5a18e" score = 75 quality = 85 
@@ -252415,8 +252854,8 @@ rule SIGNATURE_BASE_Neuron_Common_Strings : FILE date = "2017-11-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/turla-group-malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla_neuron.yar#L9-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla_neuron.yar#L9-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d1d7a96fcadc137e80ad866c838502713db9cdfe59939342b8e3beacf9c7fe29" logic_hash = "5f7a704fa0b6892b40868689c876e2f8252bb7319424212454408cbdf66f0b9f" score = 75 @@ -252448,8 +252887,8 @@ rule SIGNATURE_BASE_Nautilus_Forensic_Artificats date = "2017-11-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/turla-group-malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla_neuron.yar#L98-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla_neuron.yar#L98-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "17ae559a4640636f1285c7078a4366954d5a41c098419db32315e354f0ae619d" score = 60 quality = 85 
@@ -252485,8 +252924,8 @@ rule SIGNATURE_BASE_Windowsshell_S3 : FILE date = "2016-03-26" modified = "2023-12-05" reference = "https://github.com/odzhan/shells/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_winshells.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_winshells.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "344575a58db288c9b5dacc654abc36d38db2e645acff05e894ff51183c61357d" logic_hash = "b9274f909b50247a4f5111a14806faadba7814e26805bef7d61eaaf8be4b46ed" score = 75 @@ -252517,8 +252956,8 @@ rule SIGNATURE_BASE_Windosshell_S1 : FILE date = "2016-03-26" modified = "2023-12-05" reference = "https://github.com/odzhan/shells/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_winshells.yar#L33-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_winshells.yar#L33-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4a397497cfaf91e05a9b9d6fa6e335243cca3f175d5d81296b96c13c624818bd" logic_hash = "29fcddc549c615ca5cdda60272926671bc1446c3c7b51c9a2fd867b6b68858b2" score = 75 
@@ -252548,8 +252987,8 @@ rule SIGNATURE_BASE_Windowsshell_S4 : FILE date = "2016-03-26" modified = "2023-12-05" reference = "https://github.com/odzhan/shells/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_winshells.yar#L55-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_winshells.yar#L55-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f00a1af494067b275407c449b11dfcf5cb9b59a6fac685ebd3f0eb193337e1d6" logic_hash = "fff280debdd32a736e37a73800f226bf6def5dd107abd1d9237d92904622c9ec" score = 75 @@ -252579,8 +253018,8 @@ rule SIGNATURE_BASE_Windowsshell_Gen : FILE date = "2016-03-26" modified = "2023-12-05" reference = "https://github.com/odzhan/shells/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_winshells.yar#L79-L99" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_winshells.yar#L79-L99" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "753dd12f649bcbfcc2c60a2f3be27df5297a671a0ee1856093eed04113616581" score = 75 quality = 85 
@@ -252610,8 +253049,8 @@ rule SIGNATURE_BASE_Windowsshell_Gen2 : FILE date = "2016-03-26" modified = "2023-12-05" reference = "https://github.com/odzhan/shells/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_winshells.yar#L101-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_winshells.yar#L101-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c5ce27554b2ee25b974b567ef5a9ae877906250073da477f0ab5d71d162ac81a" score = 75 quality = 85 @@ -252642,8 +253081,8 @@ rule SIGNATURE_BASE_Ping_Command_In_EXE : FILE date = "2016-11-03" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1ea24774471eade7b7c50f0eae520e2b30dbec693e162b83ab0074465f179372" score = 60 quality = 85 
@@ -252665,8 +253104,8 @@ rule SIGNATURE_BASE_Googlebot_Useragent : FILE date = "2017-01-27" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L17-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L17-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa6cc3625d3740b91d7f1193cea0bdb621ae9445e42300123b01e322f715b976" score = 65 quality = 85 @@ -252689,11 +253128,11 @@ rule SIGNATURE_BASE_Gen_Net_Localgroup_Administrators_Add_Command : FILE date = "2017-07-08" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L34-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L34-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "af4d7c8586022583e2019bbdc3638704e1d237b25e3c214f3bc2db64c58c8bd3" score = 75 - quality = 60 + quality = 85 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" 
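Review bot: in the SIGNATURE_BASE_Gen_Net_Localgroup_Administrators_Add_Command hunk `quality` goes from 60 to 85 with `logic_hash` unchanged, so the same question applies: the reason for the re-score should be documented. Separately, the trailing context line `license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"` still points at `blob/master` while the `license_url` two lines above is pinned to e1e4eeda2287ab19e4f674bafa0049e43f12605e; a pin bump is the natural place to make the two references consistent, or to note why `license` is intentionally left floating.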
@@ -252712,8 +253151,8 @@ rule SIGNATURE_BASE_Suspicious_Script_Running_From_HTTP date = "2017-08-20" modified = "2025-03-21" reference = "https://www.hybrid-analysis.com/sample/a112274e109c5819d54aa8de89b0e707b243f4929a83e77439e3ff01ed218a35?environmentId=100" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L48-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L48-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "49ead238b9153886ddbcfe37939628fd848283373e2807797d0849559ebecf6c" score = 50 quality = 85 @@ -252738,8 +253177,8 @@ rule SIGNATURE_BASE_Reconcommands_In_File : FILE date = "2017-12-11" modified = "2025-03-21" reference = "https://twitter.com/haroonmeer/status/939099379834658817" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L66-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L66-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "73b4bcf76f42a6bf9c3d9dfe3f4e754ce2856e03a47cfd35388d47290209e65d" score = 40 quality = 85 
@@ -252768,8 +253207,8 @@ rule SIGNATURE_BASE_VBS_Dropper_Script_Dec17_1 : FILE date = "2018-01-01" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L88-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L88-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f3c55bd6bf382891263887e46a794329c78bff87b7685088911261fc3b3b133d" score = 80 quality = 85 @@ -252796,8 +253235,8 @@ rule SIGNATURE_BASE_SUSP_PDB_Strings_Keylogger_Backdoor : HIGHVOL FILE date = "2018-03-23" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L109-L130" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L109-L130" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9a842ff8cd8be98a2e37a81706a9c594e8bf1bcc6bd3cedfe4747cd52f6044f5" score = 65 quality = 85 
@@ -252826,8 +253265,8 @@ rule SIGNATURE_BASE_SUSP_Microsoft_Copyright_String_Anomaly_2 : FILE date = "2018-05-11" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L132-L146" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L132-L146" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "60bc5d8d0853f474b81d2274a65977a12a481e4b669b38ae47a325eeb60d2735" score = 60 quality = 85 @@ -252850,8 +253289,8 @@ rule SIGNATURE_BASE_SUSP_LNK_File_Appdata_Roaming : FILE date = "2018-05-16" modified = "2025-03-21" reference = "https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L148-L168" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L148-L168" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5e5c78d3fe3fcdbfb097f833fbb1e15ad1f79e63b330eaba754d8b5296b5165a" score = 50 quality = 85 
@@ -252876,8 +253315,8 @@ rule SIGNATURE_BASE_SUSP_LNK_File_Pathtraversal : FILE date = "2018-05-16" modified = "2025-03-21" reference = "https://www.fireeye.com/blog/threat-research/2018/05/deep-dive-into-rig-exploit-kit-delivering-grobios-trojan.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L170-L186" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L170-L186" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9935c454518abe7fd4ec4f09e36e4200ec7c9f3b3ad004e9b49d60c08f508236" score = 40 quality = 85 @@ -252899,8 +253338,8 @@ rule SIGNATURE_BASE_SUSP_Script_Obfuscation_Char_Concat date = "2018-10-04" modified = "2025-03-21" reference = "https://twitter.com/JaromirHorejsi/status/1047084277920411648" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L188-L200" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L188-L200" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "28b648e0e1c22fefa49a937f40bd4ed09c5d3894ff059979bad69e8bc98fcac2" score = 65 quality = 85 
@@ -252922,8 +253361,8 @@ rule SIGNATURE_BASE_SUSP_Powershell_IEX_Download_Combo date = "2018-10-04" modified = "2025-03-21" reference = "https://twitter.com/JaromirHorejsi/status/1047084277920411648" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L202-L218" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L202-L218" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0a1507859354e0e0d9284befcf777c4d3883496eb96524a246a1df4f3a247aa9" score = 65 quality = 85 @@ -252948,8 +253387,8 @@ rule SIGNATURE_BASE_SUSP_Win32Dll_String : FILE date = "2018-10-24" modified = "2025-03-21" reference = "https://medium.com/@Sebdraven/apt-sidewinder-changes-theirs-ttps-to-install-their-backdoor-f92604a2739" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L220-L232" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L220-L232" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "514596e078483920cedf0091cd769d8462acfd39956c3ed3e12d630b02ebb7cc" score = 65 quality = 85 
@@ -252971,8 +253410,8 @@ rule SIGNATURE_BASE_SUSP_Modified_Systemexefilename_In_File : FILE date = "2018-12-11" modified = "2025-03-21" reference = "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L234-L248" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L234-L248" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "45c01024c4e6a3563cd27d8a78e2236d49aa795d24f322774a14b4c7289830c4" score = 65 quality = 85 @@ -252995,8 +253434,8 @@ rule SIGNATURE_BASE_SUSP_JAVA_Class_With_VBS_Content : FILE date = "2019-01-03" modified = "2025-03-20" reference = "https://www.menlosecurity.com/blog/a-jar-full-of-problems-for-financial-services-companies" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L250-L275" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L250-L275" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bf325bbb6a448f977e4e661e4296c4145de9a809c79cee8538d660ecaff76e94" score = 70 quality = 83 
@@ -253023,8 +253462,8 @@ rule SIGNATURE_BASE_SUSP_RAR_With_PDF_Script_Obfuscation : FILE date = "2019-04-06" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L277-L293" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L277-L293" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "05e9fd7620a70a490548d4562c80497bcf888e493b8e1188e0a0e0c274e2a7e5" score = 65 quality = 85 @@ -253050,8 +253489,8 @@ rule SIGNATURE_BASE_SUSP_Netsh_Portproxy_Command date = "2019-04-20" modified = "2025-03-21" reference = "https://docs.microsoft.com/en-us/windows-server/networking/technologies/netsh/netsh-interface-portproxy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L295-L308" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L295-L308" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dbf82a908e77886af1c31c51f5f6684015cbcb22bf28876c2e1b0dd1ea5bd2b4" score = 65 quality = 85 
@@ -253073,8 +253512,8 @@ rule SIGNATURE_BASE_SUSP_Dropperbackdoor_Keywords : FILE date = "2019-04-24" modified = "2025-03-21" reference = "https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L310-L322" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L310-L322" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e83fa95bb2b9ac821d0a00af23834495066ad2cad38ef4f4dcc81aee75415d74" score = 65 quality = 85 @@ -253096,11 +253535,11 @@ rule SIGNATURE_BASE_SUSP_SFX_Cmd : FILE date = "2018-09-27" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L324-L336" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L324-L336" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "592de6a2165396c4ae8f494e26e56d0a759903b51167b1531b791897dce66868" score = 65 - quality = 60 + quality = 85 tags = "FILE" hash1 = "965129e5d0c439df97624347534bc24168935e7a71b9ff950c86faae3baec403" 
@@ -253119,8 +253558,8 @@ rule SIGNATURE_BASE_SUSP_XMRIG_Reference : FILE date = "2019-06-20" modified = "2025-03-21" reference = "https://twitter.com/itaitevet/status/1141677424045953024" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L338-L350" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L338-L350" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c1e6f5fc390a8ada0688885bba7ed90372915deba5a5e7e5b0cd17ec450ce240" score = 70 quality = 85 @@ -253141,8 +253580,8 @@ rule SIGNATURE_BASE_SUSP_Just_EICAR : FILE date = "2019-03-24" modified = "2025-03-21" reference = "http://2016.eicar.org/85-0-Download.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L352-L365" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L352-L365" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a48fc3542fb07131fe0a2e25277009d21b9ca7c9e112873249e5b9c31511af79" score = 40 quality = 85 
@@ -253164,8 +253603,8 @@ rule SIGNATURE_BASE_SUSP_PDB_Path_Keywords : FILE date = "2019-10-04" modified = "2025-03-21" reference = "https://twitter.com/stvemillertime/status/1179832666285326337?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L367-L393" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L367-L393" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "274b4b40190b8f7e3d123fad63e2bb6b2114a3dbef062791d442109cac149b08" score = 65 quality = 85 @@ -253201,8 +253640,8 @@ rule SIGNATURE_BASE_SUSP_Disable_ETW_Jun20_1 date = "2020-06-06" modified = "2025-03-21" reference = "https://gist.github.com/Cyb3rWard0g/a4a115fd3ab518a0e593525a379adee3" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L395-L413" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L395-L413" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "182ad2512bcfbcd92d13380113b32982eb367e458019f07038a12f494dfbebb6" score = 65 quality = 85 
@@ -253229,8 +253668,8 @@ rule SIGNATURE_BASE_SUSP_PE_Discord_Attachment_Oct21_1 : FILE date = "2021-10-12" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L415-L429" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L415-L429" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4d84ec50738f4c7aca8e77c3aabdcd77f3071733a2245a58283f070f2b220599" score = 70 quality = 85 @@ -253251,8 +253690,8 @@ rule SIGNATURE_BASE_SUSP_Encoded_Discord_Attachment_Oct21_1 : FILE date = "2021-10-12" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_strings.yar#L431-L456" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_strings.yar#L431-L456" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1ea5a83e91b5c5b4b8a1d507c365bc1583394c97a28b7d7a576f085854676769" score = 70 quality = 85 
@@ -253281,8 +253720,8 @@ rule SIGNATURE_BASE_Invoke_Smbexec : FILE date = "2017-06-14" modified = "2023-12-05" reference = "https://github.com/Kevin-Robertson/Invoke-TheHash" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_invoke_thehash.yar#L12-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_invoke_thehash.yar#L12-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cc9feb7d4eadfc470aabf18d82c884f454ebcdd37f3ca6b0ee4b3634cd9e33ae" score = 75 quality = 85 @@ -253309,8 +253748,8 @@ rule SIGNATURE_BASE_Invoke_Wmiexec_Gen_1 date = "2017-06-14" modified = "2023-12-05" reference = "https://github.com/Kevin-Robertson/Invoke-TheHash" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_invoke_thehash.yar#L32-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_invoke_thehash.yar#L32-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "12aeba5255527a337c49f1c4d1dc506a13ea02da69a8fc509c77bcb07c2135c8" score = 75 quality = 85 
@@ -253339,8 +253778,8 @@ rule SIGNATURE_BASE_Invoke_Smbexec_Invoke_Wmiexec_1 date = "2017-06-14" modified = "2023-12-05" reference = "https://github.com/Kevin-Robertson/Invoke-TheHash" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_invoke_thehash.yar#L53-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_invoke_thehash.yar#L53-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "feb2973cd7e2c221cd91ec543f1d943cf1b5d5d18fe74c8f7e58341f76f95b51" score = 75 quality = 85 @@ -253367,8 +253806,8 @@ rule SIGNATURE_BASE_Invoke_Wmiexec_Gen date = "2017-06-14" modified = "2023-12-05" reference = "https://github.com/Kevin-Robertson/Invoke-TheHash" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_invoke_thehash.yar#L72-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_invoke_thehash.yar#L72-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1ee79b7ea576adb71bde903756cda7af22e55eee9c4c3964cc9edc8930083fa2" score = 75 quality = 85 
@@ -253392,15 +253831,15 @@ rule SIGNATURE_BASE_MAL_LNX_PLAGUE_BACKDOOR_Jul25 : FILE meta: description = "Detects Plague backdoor ELF binaries, related to PAM authentication alteration." author = "Pezier Pierre-Henri" - id = "b0304550-3b68-50fc-b0b9-232c965624c1" + id = "3b59adb4-91b4-56d1-875e-60de130ae11f" date = "2025-07-25" - modified = "2025-08-01" + modified = "2025-09-17" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lnx_plague.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lnx_plague.yar#L1-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "14b0c90a2eff6b94b9c5160875fcf29aff15dcfdfd3402d953441d9b0dca8b39" hash = "7c3ada3f63a32f4727c62067d13e40bcb9aa9cbec8fb7e99a319931fc5a9332e" - logic_hash = "2d96beef8e52b41731ebecc079e0cc6ea07ebda3d5c6130e66b1f2c9bdd8dd51" + logic_hash = "9ef7d8153c8567f85b8713467bf5b175e0c2af050e1f275fb2441bbca8d20a79" score = 80 quality = 85 tags = "FILE" @@ -253408,9 +253847,18 @@ rule SIGNATURE_BASE_MAL_LNX_PLAGUE_BACKDOOR_Jul25 : FILE strings: $s1 = "decrypt_phrase" $s2 = "init_phrases" + $x1 = "captured_password" + $x2 = "updateklog" + $x3 = "init_cred_structs" + $xop1 = { + 48 8b [4] 00 // mov rax, cs:_ent_ptr + 8b 00 // mov eax, [rax] + 3d ca b2 e9 f1 // cmp eax, 0F1E9B2CAh + 74 // jz short loc_4586 + } condition: - uint32be( 0 ) == 0x7f454c46 and filesize < 1MB and all of them + uint32be( 0 ) == 0x7f454c46 and filesize < 1MB and 2 of them } rule SIGNATURE_BASE_SUSP_WER_Critical_Heapcorruption : FILE { 
@@ -253421,8 +253869,8 @@ rule SIGNATURE_BASE_SUSP_WER_Critical_Heapcorruption : FILE date = "2019-10-18" modified = "2023-12-05" reference = "https://twitter.com/cyb3rops/status/1185459425710092288" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_wer_files.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_wer_files.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "efa84e375f31ca37b9dd9c7a74251929ac957b9bd530e92f74b8836f56048fea" score = 45 quality = 85 @@ -253445,11 +253893,11 @@ rule SIGNATURE_BASE_SUSP_WER_Suspicious_Crash_Directory : FILE date = "2019-10-18" modified = "2023-12-05" reference = "https://twitter.com/cyb3rops/status/1185585050059976705" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_wer_files.yar#L20-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_wer_files.yar#L20-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a197feeafca38ffe33428fa807e2b80e3071ab8960926fc2f328748bda299910" score = 45 - quality = 60 + quality = 85 tags = "FILE" strings: 
@@ -253476,8 +253924,8 @@ rule SIGNATURE_BASE_MAL_RTF_Embedded_OLE_PE : FILE date = "2018-01-22" modified = "2023-11-25" reference = "https://www.nextron-systems.com/2018/01/22/creating-yara-rules-detect-embedded-exe-files-ole-objects/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_strings_in_ole.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_strings_in_ole.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "054abb34ae84e02469d726809a6d8aa582ebad65dd8385de7800d3f5db7ee31c" score = 65 quality = 85 @@ -253504,8 +253952,8 @@ rule SIGNATURE_BASE_EXPL_Gitlab_CE_RCE_CVE_2021_22205 : CVE_2021_22205 date = "2021-10-26" modified = "2023-12-05" reference = "https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_gitlab_cve_2021_22205.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_gitlab_cve_2021_22205.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "54b841716a6bd56706c1c38fcda9a27ffd7feba2660602b191e8e347983e578d" score = 70 quality = 85 
@@ -253534,11 +253982,11 @@ rule SIGNATURE_BASE_EXPL_Gitlab_CE_RCE_Malformed_JPG_CVE_2021_22204 : CVE_2021_2 date = "2021-10-26" modified = "2023-12-05" reference = "https://attackerkb.com/topics/D41jRUXCiJ/cve-2021-22205/rapid7-analysis?referrer=blog" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_gitlab_cve_2021_22205.yar#L29-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_gitlab_cve_2021_22205.yar#L29-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0718ad24337acbb746c6e0d7e0b42d2d034ff583ec6fd12b34fda4737d7e78b0" score = 70 - quality = 58 + quality = 83 tags = "CVE-2021-22204, CVE-2021-22205, FILE" strings: @@ -253557,8 +254005,8 @@ rule SIGNATURE_BASE_Shellcode_Apihashing_FIN8_1 date = "2021-03-16" modified = "2023-12-05" reference = "https://www.bitdefender.com/files/News/CaseStudies/study/394/Bitdefender-PR-Whitepaper-BADHATCH-creat5237-en-EN.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin8.yar#L1-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin8.yar#L1-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5d47119a588aa69b3e241618d6dbb9df6117a6751bbff39a1f95340bc26611a7" score = 75 quality = 85 
@@ -253583,8 +254031,8 @@ rule SIGNATURE_BASE_SUSP_ZIP_LNK_Phishattachment_Pattern_Jun22_1 : FILE date = "2022-06-23" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_phish_attachments.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_phish_attachments.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2ff398379e3d8112991eeacd99bf9d3bafbf3e9266f012d2539d6b2661d5969e" score = 65 quality = 85 @@ -253610,8 +254058,8 @@ rule SIGNATURE_BASE_SUSP_ZIP_ISO_Phishattachment_Pattern_Jun22_1 : FILE date = "2022-06-23" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_phish_attachments.yar#L23-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_phish_attachments.yar#L23-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "21de56d6209050b429c0cce82fd334d1b38a2a3727db5ead06f36fa9d503e193" score = 65 quality = 85 
@@ -253637,8 +254085,8 @@ rule SIGNATURE_BASE_SUSP_Archive_Phishing_Attachment_Characteristics_Jun22_1 : F date = "2022-06-29" modified = "2023-12-05" reference = "https://twitter.com/0xtoxin/status/1540524891623014400?s=12&t=IQ0OgChk8tAIdTHaPxh0Vg" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_phish_attachments.yar#L43-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_phish_attachments.yar#L43-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "647044fa3b5cf6f0e9e738fa7b7d24f8918b7a7fb359342e1314d97b50debf87" score = 65 quality = 60 @@ -253744,8 +254192,8 @@ rule SIGNATURE_BASE_APT_UTA028_Forensicartefacts_Paloalto_CVE_2024_3400_Apr24_1 date = "2024-04-15" modified = "2024-04-18" reference = "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L2-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L2-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1261eecca520daa0619859a45d2289d2c23c73be55e1a3849d2032a38e137f4d" score = 70 quality = 85 
@@ -253773,8 +254221,8 @@ rule SIGNATURE_BASE_EXPL_Paloalto_CVE_2024_3400_Apr24_1 : CVE_2024_3400 date = "2024-04-15" modified = "2025-03-21" reference = "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L27-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L27-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9ebc94a07b189a2d2dd252b5079fa494162739678fd2ca742e6877189a140da9" score = 70 quality = 85 @@ -253799,8 +254247,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Base64_Download_Exec_Apr24 : SCRIPT date = "2024-04-18" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L48-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L48-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "90b7781812b4078550b0d66ba020b3bb0a8217f2de03492af98db6c619f31929" score = 75 quality = 85 
@@ -253824,8 +254272,8 @@ rule SIGNATURE_BASE_SUSP_PY_Import_Statement_Apr24_1 date = "2024-04-15" modified = "2025-03-21" reference = "https://www.volexity.com/blog/2024/04/12/zero-day-exploitation-of-unauthenticated-remote-code-execution-vulnerability-in-globalprotect-cve-2024-3400/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L67-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L67-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d5c199d9c3e449ca282f0ca91c94ac783709299b3489f7cec38177a2f843b504" score = 65 quality = 85 @@ -253846,8 +254294,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Base64_Exec_Apr24 : SCRIPT CVE_2024_3400 FILE date = "2024-04-18" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L81-L105" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vuln_paloalto_cve_2024_3400_apr24.yar#L81-L105" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e96fb7c8faac12c1f0210689f2b3a7903b42a543b97ddff11298e5ae13cae80b" score = 75 quality = 85 
@@ -253873,8 +254321,8 @@ rule SIGNATURE_BASE_Bernhardpos date = "2015-07-14" modified = "2023-12-05" reference = "http://morphick.com/blog/2015/7/14/bernhardpos-new-pos-malware-discovered-by-morphick" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_bernhard_pos.yar#L1-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_bernhard_pos.yar#L1-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e49820ef02ba5308ff84e4c8c12e7c3d" logic_hash = "c00f2fda5a391b44767d918945069f18cef084dd4dc6aa94d8f945bf97ac462a" score = 70 @@ -253899,8 +254347,8 @@ rule SIGNATURE_BASE_EXPL_Zoho_RCE_Fix_Lines_Dec21_1 : FILE date = "2021-12-06" modified = "2023-12-05" reference = "https://twitter.com/cyb3rops/status/1467784104930385923" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_zoho_rcef_logs.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_zoho_rcef_logs.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e6d9c3364da57c03a5e838f485deefabec2f3ec67d19a9017e564ba702a72d03" score = 65 quality = 85 
@@ -253926,8 +254374,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php5 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L8-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L8-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0fd91b6ad400a857a6a65c8132c39e6a16712f19" logic_hash = "e882f115a67fe31ece1a81e1a2770b46370a92ac3aa23e348a12cdb5735e8a0e" score = 70 @@ -253951,8 +254399,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Test3693 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L25-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L25-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "246d629ae3ad980b5bfe7e941fe90b855155dbfc" logic_hash = "a10618d54fb7adbbd89a10f2e1ac067ccd1832140bcaf3b92394ebe7323f2d1e" score = 70 
@@ -253976,8 +254424,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Mycode12 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L42-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L42-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "64be8760be5ab5c2dcf829e3f87d3e50b1922f17" logic_hash = "94cb0e414634af753db9ec0c63a3a34b4f9104e93e01d67cebab7b3a0c471198" score = 70 @@ -254001,8 +254449,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Offlibrary : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L59-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L59-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "eb5275f99211106ae10a23b7e565d208a94c402b" logic_hash = "ffec24bedfe0794e8f92da5067c41932339e61ec23d71a67ed4b634434cd10d6" score = 70 
@@ -254026,8 +254474,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Cfm_Xl : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L76-L91" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L76-L91" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "49c3d16ee970945367a7d6ae86b7ade7cb3b5447" logic_hash = "b6683a24ad58a9444ec91f13e7da5db3e3e768afded09a23e1bbd0a0c23cf6b9" score = 70 @@ -254051,8 +254499,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Linux : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L93-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L93-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "78339abb4e2bb00fe8a012a0a5b7ffce305f4e06" logic_hash = "2c6278acd123e0d41ed4f0f8f0da27d5de1ad56efb8102c9eae442838a0416d0" score = 70 
@@ -254076,8 +254524,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Interception3389_Get : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L110-L126" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L110-L126" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ceb6306f6379c2c1634b5058e1894b43abcf0296" logic_hash = "649e611c9d8948e60811af4209d737b3e797e6b42beba42439541ae543b062d6" score = 70 @@ -254102,8 +254550,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Nc_1 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L128-L143" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L128-L143" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "51d83961171db000fe4476f36d703ef3de409676" logic_hash = "80ea8f16d943a3775fe9999131272af9e7f1af60d413109e58ecdef036484760" score = 70 
@@ -254127,8 +254575,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Blacksky : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L145-L160" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L145-L160" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a60a599c6c8b6a6c0d9da93201d116af257636d7" logic_hash = "3b92f63f536361d8ba0cde853fb546f271abdec3a7c1d44688a42610f5f90c57" score = 70 @@ -254152,8 +254600,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Asp3 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L162-L177" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L162-L177" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "87c5a76989bf08da5562e0b75c196dcb3087a27b" logic_hash = "e5f30a445be30c491e669c633bf2df08cbfb1017ecfc91f9ed83275550488304" score = 70 
@@ -254177,8 +254625,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Sniff : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L179-L194" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L179-L194" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e246256696be90189e6d50a4ebc880e6d9e28dfd" logic_hash = "198442e75422055e7d65c5d1aef55819036a99077aa79dbd5006ba97c4fe4af8" score = 70 @@ -254202,8 +254650,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Udf_Udf : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L196-L211" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L196-L211" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "df63372ccab190f2f1d852f709f6b97a8d9d22b9" logic_hash = "c7db32b5e66601e0b8322ac67b6b9ba8d6222891ed01db557bfac9985140421a" score = 70 
@@ -254227,8 +254675,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_JSP_Jsp : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L213-L228" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L213-L228" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c58fed3d3d1e82e5591509b04ed09cb3675dc33a" logic_hash = "089e1a553900d149a4087ac81254295d74de15d9baaf73e60ce4f061e450e8c7" score = 70 @@ -254252,8 +254700,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_T00Ls_Lpk_Sethc_V4_Mail : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L230-L245" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L230-L245" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0a9b7b438591ee78ee573028cbb805a9dbb9da96" logic_hash = "b835a6d0c736116e0a8b277dadbf25c2ac333b0d7937a6f67ed59887c610a57a" score = 70 
@@ -254277,8 +254725,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Phpwebbackup : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L247-L262" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L247-L262" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c788cb280b7ad0429313837082fe84e9a49efab6" logic_hash = "45452fc415fbafe170a1b1f5a58df40f0ec65a9a6678e675b40a8c54e2d8bd6c" score = 70 @@ -254302,8 +254750,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Dz_Phpcms_Phpbb : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L264-L281" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L264-L281" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "33f23c41df452f8ca2768545ac6e740f30c44d1f" logic_hash = "1455df58f51c3ae7558b89c940d97ea5870f261217b2a09727bb6678bcbd5500" score = 70 
@@ -254329,8 +254777,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Picloaked_1 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L283-L299" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L283-L299" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3eab1798cbc9ab3b2c67d3da7b418d07e775db70" logic_hash = "a816ac9e98b7c5208f075ffcb9a6525016d6a5c468005d78ecab90d651423705" score = 70 @@ -254355,8 +254803,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Assembly : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L301-L315" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L301-L315" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2bcb4d22758b20df6b9135d3fb3c8f35a9d9028e" logic_hash = "34dc47b2f91a15a62175f3cab88d5ff24d2a3aa62f74fb9e43a4aaae96ced999" score = 70 
@@ -254379,8 +254827,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php8 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L317-L334" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L317-L334" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b7b49f1d6645865691eccd025e140c521ff01cce" logic_hash = "435ceb72c082f702284c464979a907a59a42bb4aa07311f9b2da1a9831efac11" score = 70 @@ -254406,8 +254854,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Tuoku_Script_Xx : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L336-L352" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L336-L352" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2f39f1d9846ae72fc673f9166536dc21d8f396aa" logic_hash = "67c542f172fd1b97fbee4697fd42bab9486e3d779ce62993617e5a5205bd75d4" score = 70 
@@ -254432,8 +254880,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_JSPMSSQL : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L354-L369" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L354-L369" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c6b4faecd743d151fe0a4634e37c9a5f6533655f" logic_hash = "c08e69345cb09e41840a81dcd8a015f9e1be93d570b64c310be74631e5314e2f" score = 70 @@ -254457,8 +254905,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Injection_Transit_Jmpost : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L371-L386" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L371-L386" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f80ec26bbdc803786925e8e0450ad7146b2478ff" logic_hash = "6c7f52cf7ff6df9867ea2c46cd8f40ef0e077d4e1d9033cde0649a209bffe21b" score = 70 
@@ -254482,8 +254930,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Web_Asp : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L388-L403" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L388-L403" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "aebf6530e89af2ad332062c6aae4a8ca91517c76" logic_hash = "5d2d7e6b9340ee4fd845ff05c99526c919214974b1a0def66492fe3cd4a75fe9" score = 70 @@ -254507,8 +254955,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Wshell_Asp : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L405-L421" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L405-L421" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4a0afdf5a45a759c14e99eb5315964368ca53e9c" logic_hash = "f3c4af85e4798d3a809d8edd9cc46d1df44453f14ed050b002fe789da4d6096f" score = 70 
@@ -254533,8 +254981,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Asp404 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L423-L439" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L423-L439" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bed51971288aeabba6dabbfb80d2843ec0c4ebf6" logic_hash = "c84be2e561a08317be11cdb0fe103f8ad182a64d8cd1bf987163ebbeabe20f00" score = 70 @@ -254559,8 +255007,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Serv_U_Asp : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L441-L457" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L441-L457" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cee91cd462a459d31a95ac08fe80c70d2f9c1611" logic_hash = "c98c3f4db5ea812827b6108ef88b57116621142202248f4f26f0c71bd76e33ec" score = 70 
@@ -254585,8 +255033,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Cfm_List : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L459-L474" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L459-L474" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "85d445b13d2aef1df3b264c9b66d73f0ff345cec" logic_hash = "41c7c5ba6187a8871dec83bcd859b9377813d60cea8ef2b4ad390c67de04e010" score = 70 @@ -254610,8 +255058,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L476-L491" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L476-L491" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bf12e1d741075cd1bd324a143ec26c732a241dea" logic_hash = "707e2795d82636fbbc4d9f5324e509a526f77f9ead8f3c4d59dd0e95bc94f11e" score = 70 
@@ -254635,8 +255083,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Tuoku_Script_Oracle : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L493-L509" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L493-L509" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fc7043aaac0ee2d860d11f18ddfffbede9d07957" logic_hash = "3ad4207e426ed2f9df0e0bac0e906af437b0774ba2ebb541afbe7e29b395ad63" score = 70 @@ -254661,8 +255109,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Aspx4 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L511-L527" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L511-L527" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "200a8f15ffb6e3af31d28c55588003b5025497eb" logic_hash = "0aab8e327b4477cb0b8cd5d4b1e4b52c160180656dad57b0498654da1c8d7a29" score = 70 
@@ -254687,8 +255135,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Aspx : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L529-L546" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L529-L546" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8378619b2a7d446477946eabaa1e6744dec651c1" logic_hash = "b59684633fd72bd1804a96850a8b358db98c169415b6e65fe3ecfb4d9fde72d0" score = 70 @@ -254714,8 +255162,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Su7_X_9_X : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L548-L563" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L548-L563" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "808396b51023cc8356f8049cfe279b349ca08f1a" logic_hash = "2d2398cf0f9e253eea343d39b6555f2633f92f627f1c93cc28123d5a7f3d1bf1" score = 70 
@@ -254739,8 +255187,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Cfmshell : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L565-L580" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L565-L580" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "740796909b5d011128b6c54954788d14faea9117" logic_hash = "0767012ec8fd4a18a64eca04d459efb55fafd29ed052dab8a0eb1b8f4ce7aa66" score = 70 @@ -254764,8 +255212,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Asp4 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L582-L598" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L582-L598" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4005b83ced1c032dc657283341617c410bc007b8" logic_hash = "ae02d1efc975a8592a00cbab823355fb778fbb589f5752dd913aa432b316c3a4" score = 70 
@@ -254790,8 +255238,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Serv_U_2_Admin_By_Lake2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L600-L617" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L600-L617" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cb8039f213e611ab2687edd23e63956c55f30578" logic_hash = "a67c08b3a4bed2385d2fa8c007615bfb37a2d739cc13ee2e0f5eda00536b6ea8" score = 70 @@ -254817,8 +255265,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php3 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L619-L634" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L619-L634" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e2924cb0537f4cdfd6f1bd44caaaf68a73419b9d" logic_hash = "ba3892feacbbe3d7c6b6308a22ca22b19ae84b6490df2c976852260da2a96ca1" score = 70 
@@ -254842,8 +255290,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Serv_U_By_Goldsun : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L636-L653" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L636-L653" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d4d7a632af65a961a1dbd0cff80d5a5c2b397e8c" logic_hash = "962b2e75c03f716fc039cf26aa238e9a3faf5a7ea8fb3d4da556fa601790055a" score = 70 @@ -254869,8 +255317,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php10 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L655-L670" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L655-L670" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3698c566a0ae07234c8957112cdb34b79362b494" logic_hash = "76bb2dfd518173f031cc3c93b2098edaef4aca09f0dd8228223257b0b7df452b" score = 70 
@@ -254894,8 +255342,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Serv_U_Servu : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L671-L686" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L671-L686" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7de701b86820096e486e64ca34f1fa9f2fbba641" logic_hash = "d3956b6daa0649233372aea4176e0d43c44d866146884222f92b7efe01f288bb" score = 70 @@ -254919,8 +255367,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Portrecall_Jsp2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L688-L704" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L688-L704" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "412ed15eb0d24298ba41731502018800ffc24bfc" logic_hash = "1ec77a1b0d30cdebce1b5b07445247016230b733a594d8d1de642c2c8af63031" score = 70 
@@ -254945,8 +255393,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Aspx2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L706-L723" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L706-L723" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "95db7a60f4a9245ffd04c4d9724c2745da55e9fd" logic_hash = "7af90992bc3f708d877dcd5841c0d132793e41a0796607907084516d955b3ae0" score = 70 @@ -254972,8 +255420,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Hy2006A : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L725-L740" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L725-L740" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "20da92b2075e6d96636f883dcdd3db4a38c01090" logic_hash = "a24bf11a2728bb8d18ea005b057648770956694e0b257d4464ad15ee3e24eda2" score = 70 
@@ -254997,8 +255445,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php1 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L742-L758" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L742-L758" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c2f4b150f53c78777928921b3a985ec678bfae32" logic_hash = "aadf47ac6231b41e720efdd85c481ebac8fccb572e57b86b27a95dd367c0d81b" score = 70 @@ -255023,8 +255471,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Jspshell2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L760-L775" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L760-L775" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cc7bc1460416663012fc93d52e2078c0a277ff79" logic_hash = "3a60991fa557655fbd2450739976ac612a0ea2a3df22873382b05438cac12762" score = 70 
@@ -255048,8 +255496,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Tuoku_Script_Mysql : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L777-L791" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L777-L791" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8e242c40aabba48687cfb135b51848af4f2d389d" logic_hash = "bde2ea1ccfc88138456a1b255a32a7323f5ef0f677499db6dc6670987cc37585" score = 70 @@ -255073,8 +255521,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php9 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L793-L807" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L793-L807" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cd3962b1dba9f1b389212e38857568b69ca76725" logic_hash = "bea117862ebc9220a4d9aee091c808274f9907fceb83b528055998ddcc90aa5f" score = 70 
@@ -255097,8 +255545,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Portrecall_Jsp : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L809-L823" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L809-L823" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "65e8e4d13ad257c820cad12eef853c6d0134fce8" logic_hash = "98f279c3e50308f67f88ecf8459943187ea152664fe0206c4a7d3435242df2a6" score = 70 @@ -255121,8 +255569,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Aspx3 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L825-L840" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L825-L840" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dd61481771f67d9593214e605e63b62d5400c72f" logic_hash = "11bf511ee70ff4bde0a9320cb80dd9efa0f437d432c78a859153cfcc8e80db01" score = 70 
@@ -255146,8 +255594,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASPX_Shell_Shell : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L842-L857" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L842-L857" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1816006827d16ed73cefdd2f11bd4c47c8af43e4" logic_hash = "ac22d89353b4316289bf6c6e13332ac401f4b57f6c29b71861cb48359c1e55f9" score = 70 @@ -255171,8 +255619,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell__Php1_Php7_Php9 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L859-L878" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L859-L878" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6ea5b362f8d8f2e99725d4dd4d2ada5c3939a45a3dde0084571600452ab4673c" score = 70 quality = 85 
@@ -255200,8 +255648,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell__Serv_U_By_Goldsun_Asp3_Serv_U_Asp : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L880-L899" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L880-L899" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b733e80f234a85a4f65eedd94f535860b4da464adb80a91afc547a8d96b5dc7a" score = 70 quality = 85 @@ -255229,8 +255677,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell__Asp4_Asp4_MSSQL__MSSQL_ : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L901-L921" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L901-L921" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a8ec5ad87c83c16f47391c3ce08cee74c6be1e42c288eec6d1559867d28489c6" score = 70 quality = 85 
@@ -255259,8 +255707,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell__Injection_Jmcook_Jmpost_Manualinjection date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L923-L942" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L923-L942" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0f3a4f81326154a6a6ac448d18be29ad534917bc39aba26cc458f06b43001681" score = 70 quality = 85 @@ -255288,8 +255736,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Cmfshell : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L944-L959" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L944-L959" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b9b2107c946431e4ad1a8f5e53ac05e132935c0e" logic_hash = "f138a82c2d6a831626fe200308eb89cb50ffeec2f2722599eb4ccbd082bad73d" score = 70 
@@ -255313,8 +255761,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php4 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L961-L975" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L961-L975" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "179975f632baff6ee4d674fe3fabc324724fee9e" logic_hash = "e625b6d1fd2c1e62306ccae2775ee7b53ddcdd7a6baef55b386dfcd92dc2e764" score = 70 @@ -255337,8 +255785,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Linux_2_6_Exploit : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L977-L991" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L977-L991" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ec22fac0510d0dc2c29d56c55ff7135239b0aeee" logic_hash = "7f3e2937796358a949ce980210ddeb1a606a7b9c2b4d9c4a4acad49bb556dfc8" score = 70 
@@ -255361,8 +255809,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Asp2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L993-L1009" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L993-L1009" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b3ac478e72a0457798a3532f6799adeaf4a7fc87" logic_hash = "6107afe9895c4e0c865e78bece160246815a0d3c589bfc79f8b369b94481cd89" score = 70 @@ -255387,8 +255835,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_FTP_MYSQL_MSSQL_SSH : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L1011-L1029" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L1011-L1029" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fe63b215473584564ef2e08651c77f764999e8ac" logic_hash = "a66884c71ce0cce05ba6607bf66dc55bfae5393746328c06f5c9ca98005d0caf" score = 70 
@@ -255415,8 +255863,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Shell : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L1031-L1047" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L1031-L1047" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b7b34215c2293ace70fc06cbb9ce73743e867289" logic_hash = "be3961d6568acfaadfa09efda2f914259a59f4e30725c7d434e89f6020e40515" score = 70 @@ -255441,8 +255889,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_PHP_Php7 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L1049-L1064" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L1049-L1064" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "05a3f93dbb6c3705fd5151b6ffb64b53bc555575" logic_hash = "70804d914c6f31422632943bf663f997eb747a290a13b27bfcc66bc3129f136d" score = 70 
@@ -255466,8 +255914,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Rootkit : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L1066-L1081" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L1066-L1081" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3bfc1c95782e702cf56184e7d438edcf5802eab3" logic_hash = "5569a179f011ece9802676542d5556fe8d2a2b144e26065b9e0c5bd06c970201" score = 70 @@ -255491,8 +255939,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Jspshell : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L1083-L1098" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L1083-L1098" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d16af622f7688d4e0856a2678c4064d3d120e14b" logic_hash = "9b952f941eb87d7a1b4f747f4e0b0b5ee8876190c6f684b811057a2c78044047" score = 70 
@@ -255516,8 +255964,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Serv_U_Serv_U : FILE date = "2015-06-23" modified = "2023-01-27" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L1100-L1117" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L1100-L1117" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1c6415a247c08a63e3359b06575b36017befc0c0" logic_hash = "89cfcbaa38c3b0b6c31af634b4588dcc8bc7a5aa3edac955a162173341d03622" score = 70 @@ -255542,8 +255990,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Webshell : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L1119-L1135" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L1119-L1135" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7ef773df7a2f221468cc8f7683e1ace6b1e8139a" logic_hash = "7d80390a86b1858d2cf4f2be56df7e734aea402de0878adf40ef36721719ca74" score = 70 
@@ -255568,8 +256016,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_Tuoku_Script_Mssql_2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L1137-L1153" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L1137-L1153" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ad55512afa109b205e4b1b7968a89df0cf781dc9" logic_hash = "1d4b75eeeddda6e92b8ec38679d5e2b9d21abf2d2b467b91a066dcf628725f0a" score = 70 @@ -255594,8 +256042,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell_ASP_Asp1 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_webshells.yar#L1155-L1171" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_webshells.yar#L1155-L1171" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "78b5889b363043ed8a60bed939744b4b19503552" logic_hash = "3b454b1254d05b2208aee02e966c9c56a338dd3d33a2c6acc2c4df3208314055" score = 70 
@@ -255620,11 +256068,11 @@ rule SIGNATURE_BASE_Pos_Malware_Malumpos date = "2015-05-25" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_malumpos.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_malumpos.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ece32e51a12adf0d68420c8d98efbe7df27b9061ddfe4dcedf151f9f06287eee" score = 75 - quality = 60 + quality = 85 tags = "" sample_filtype = "exe" @@ -255647,8 +256095,8 @@ rule SIGNATURE_BASE_SUSP_Macro_Staroffice : FILE date = "2019-02-06" modified = "2021-05-27" reference = "https://twitter.com/JohnLaTwC/status/1093259873993732096" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_macro_staroffice_suspicious.yar#L1-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_macro_staroffice_suspicious.yar#L1-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "49385335488fa0a598ed48203d9483c5c2f53ae287e003a8cf7d64d56280e62a" score = 60 quality = 81 
@@ -255687,8 +256135,8 @@ rule SIGNATURE_BASE_APT_NK_Methodology_Artificial_Useragent_IE_Win7 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt37.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt37.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "43119b83a7eaf3dade9477d342b5656970940e9b4f41b3ba5f720d7fbe927762" score = 45 quality = 85 @@ -255714,8 +256162,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Scheduledtask_Loader : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L3-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L3-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2d32ee777cb40c6fa58787e92c0de074ea5b81d629a17ccb4f9432d62436f03c" score = 80 quality = 85 
@@ -255738,8 +256186,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Kaosrat_Yamabot date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L20-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L20-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "92182aac2e56041292102b0486b7de1ee6eb3d54a9fc6786c567acd92073cd84" score = 70 quality = 85 @@ -255770,8 +256218,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Trifaux_Easyrat_JUPITER : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L44-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L44-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6108035dbebd34fe994fc1f8b4123321321f6ed5c022be6e84a88f905ea6fb73" score = 80 quality = 85 
@@ -255794,8 +256242,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Cutiedrop_Magicrat : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L61-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L61-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f289bbd71bdeaf2c42063642454679ec26de5ed24c020af40db694a0ced54884" score = 80 quality = 85 @@ -255823,8 +256271,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_HHSD_Filetransfertool : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L87-L126" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L87-L126" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "665c1b27d64d5377be98aa4e629b077e56f3a44273d98653a338439b3dc05b65" score = 70 quality = 85 
@@ -255848,8 +256296,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Atharvan_3RAT : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L128-L142" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L128-L142" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "741318234e245a35accc0b102a7891559ce5ef868ccdc3e6e4c8e59d8dea8b24" score = 80 quality = 85 @@ -255871,8 +256319,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Lilithrat_Variant : FILE date = "2024-07-25" modified = "2024-07-26" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L144-L179" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L144-L179" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3ce68908468ff85683b081842fa4faa579fbf6f7dc1a7fab5dcf7eac63d90aea" score = 80 quality = 85 
@@ -255902,8 +256350,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Sockstroy_Strings_Opcodes : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L181-L200" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L181-L200" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6ab31b285d0dba1745a2d8b172bd02931c6138e2b8e541203b88f111d179549b" score = 80 quality = 85 @@ -255927,8 +256375,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Agni : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L202-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L202-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "302899b65e5a3a6beabbb46e80e3f0ff246c209206cc3a7f871011d68871d0b9" score = 80 quality = 85 
@@ -255950,8 +256398,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Golang_Validalpha_Handshake date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L219-L231" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L219-L231" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1978210d07d3298c0051c9faca16685636e3fb45131b4c2fcb7053a0b3ef84d1" score = 75 quality = 85 @@ -255972,8 +256420,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Golang_Validalpha_Tasks date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L233-L248" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L233-L248" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0d3fb944888b289d345ffc8dfcc988abd04b8cabd1729a66e8236f95ee6147ee" score = 80 quality = 85 
@@ -255997,8 +256445,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Golang_Validalpha_Blackstring : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L250-L262" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L250-L262" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "07ea38890e99dd53437a23b7c4002851604b69a83bd7fb8971609226249e5954" score = 90 quality = 85 @@ -256019,8 +256467,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_ELF_Backdoor_Fipps : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L292-L308" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L292-L308" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3b57eb6c6b89e93863b9600c4a1384f3e064f236e827ef9ffc37b1e5dcff7d24" score = 80 quality = 85 
@@ -256044,8 +256492,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Bindshell : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L310-L328" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L310-L328" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "409aa6a27d81e14ea90d90ee02924cb11f5fecef592e6577b084f9ab2dde35fc" score = 70 quality = 85 @@ -256071,8 +256519,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Grease2 : FILE date = "2024-07-25" modified = "2024-07-26" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L330-L351" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L330-L351" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "138fc915206e0c2834090ebc0a808913488121d51c17de3dbfadcb4099fbfa2f" score = 80 quality = 85 
@@ -256096,8 +256544,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Nopineapple_Dtrack_Unpacked : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L353-L368" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L353-L368" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cf5f92a66ba3ff4db61102dcc50b781e8dd14ca7cb1eb70dae8eba2ed0910b66" score = 80 quality = 85 @@ -256120,8 +256568,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Dtrack_Unpacked : FILE date = "2024-07-25" modified = "2024-07-26" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L370-L393" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L370-L393" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d8de583fc0de01e6784305d28dbf7cea859a24cf4df1dc59356601bc830e4770" score = 75 quality = 85 
@@ -256146,8 +256594,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_Andariel_Tigerrat_Crowdsourced_Rule : FILE date = "2024-07-25" modified = "2024-07-26" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L395-L424" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L395-L424" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5d203d8c7e624796571f4597f70be0b8303f21c096640f25018cad29d4abc05b" score = 75 quality = 85 @@ -256175,8 +256623,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_WIN_Tiger_RAT_Auto : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L426-L566" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L426-L566" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1deef66efb44c0d17f33508a8b6f0d6253f0308f309e81657f78eb0f87121bf5" score = 75 quality = 85 
@@ -256212,8 +256660,8 @@ rule SIGNATURE_BASE_MAL_APT_NK_WIN_Dtrack_Auto : FILE date = "2024-07-25" modified = "2025-07-09" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-207a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_andariel_jul24.yar#L568-L708" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_andariel_jul24.yar#L568-L708" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2bd68ee6e5f35a9b80c07120beba3fe1f3ba9a9137ee15bb04bb2740381a9a44" score = 75 quality = 85 @@ -256248,8 +256696,8 @@ rule SIGNATURE_BASE_APT_Area1_SSF_Plugx date = "2018-12-19" modified = "2023-12-05" reference = "https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_area1_phishing_diplomacy.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_area1_phishing_diplomacy.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a71f124f0c89c4b020f21d029d0d2997b2bea71526e83bcadffb67acc9cca8f7" score = 75 quality = 85 
@@ -256284,8 +256732,8 @@ rule SIGNATURE_BASE_APT_Area1_SSF_Googlesend_Strings : FILE date = "2018-12-19" modified = "2023-12-05" reference = "https://cdn.area1security.com/reports/Area-1-Security-PhishingDiplomacy.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_area1_phishing_diplomacy.yar#L29-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_area1_phishing_diplomacy.yar#L29-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3a373ed63494b67883515c133bf5b0af3ab874397c7cb45c8399f12e35212be4" score = 75 quality = 85 @@ -256313,8 +256761,8 @@ rule SIGNATURE_BASE_SUSP_Xored_Mozilla_Oct19 modified = "2023-11-03" old_rule_name = "SUSP_XORed_Mozilla" reference = "https://gchq.github.io/CyberChef/#recipe=XOR_Brute_Force()" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xor_hunting.yar#L2-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xor_hunting.yar#L2-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e1b5c7a0adb4dc65cdf0a653255ac865a0ecebbf1ff08b7fc46d510d5e8aa6c9" score = 60 quality = 85 
@@ -256339,8 +256787,8 @@ rule SIGNATURE_BASE_SUSP_Xored_MSDOS_Stub_Message : FILE date = "2019-10-28" modified = "2023-10-11" reference = "https://yara.readthedocs.io/en/latest/writingrules.html#xor-strings" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xor_hunting.yar#L27-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xor_hunting.yar#L27-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b6d7d7242511d2c26122fe2b880cfe39facb5f68ae45e19c1558163f0427c304" score = 55 quality = 85 @@ -256373,8 +256821,8 @@ rule SIGNATURE_BASE_Dubseven_File_Set : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_between-hk-and-burma.yar#L1-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_between-hk-and-burma.yar#L1-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "af98ab901ca97a350aa837779d74208a780b1099e113cfa59bee2eb33690918e" score = 75 quality = 85 
@@ -256402,8 +256850,8 @@ rule SIGNATURE_BASE_Dubseven_Dropper_Registry_Checks : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_between-hk-and-burma.yar#L31-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_between-hk-and-burma.yar#L31-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "813ff641a4213cf9d56013768e284e7f622a223c6c4f585c3bbbcf69fc03723c" score = 75 quality = 85 @@ -256430,8 +256878,8 @@ rule SIGNATURE_BASE_Dubseven_Dropper_Dialog_Remains : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_between-hk-and-burma.yar#L59-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_between-hk-and-burma.yar#L59-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "322ddc1210b6bde393970c61113e6efcb87a3529db386323dfd08973e5d2703e" score = 75 quality = 85 
@@ -256453,8 +256901,8 @@ rule SIGNATURE_BASE_Maindll_Mutex : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_between-hk-and-burma.yar#L83-L103" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_between-hk-and-burma.yar#L83-L103" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8d3311164104198e02e700c2e9a5293e55d75d63b39c75c4e375b7f35eb5fde4" score = 75 quality = 85 @@ -256475,8 +256923,8 @@ rule SIGNATURE_BASE_Slserver_Dialog_Remains : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_between-hk-and-burma.yar#L106-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_between-hk-and-burma.yar#L106-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5b18f4a6c54b456ae697e9639e8c3041fd4f3141d89850c3e1d3d4e220c3cea3" score = 75 quality = 85 
@@ -256501,8 +256949,8 @@ rule SIGNATURE_BASE_Slserver_Mutex : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_between-hk-and-burma.yar#L138-L158" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_between-hk-and-burma.yar#L138-L158" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9bf3c6c93e77424463e3fb6f9f4d58e80254866462fe1287293b0a357737da20" score = 75 quality = 85 @@ -256523,8 +256971,8 @@ rule SIGNATURE_BASE_Slserver_Command_And_Control : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_between-hk-and-burma.yar#L160-L180" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_between-hk-and-burma.yar#L160-L180" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "48a13d27b7dc9a7f3a65752142b2a291e7c3ee93ef67b36aa4202d065e74d80e" score = 75 quality = 85 
@@ -256545,8 +256993,8 @@ rule SIGNATURE_BASE_Slserver_Campaign_Code : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_between-hk-and-burma.yar#L182-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_between-hk-and-burma.yar#L182-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fbf53678399b0e14eae6f1bb6594b2aa665f76f10388e492bec2f9101a4dd4b1" score = 75 quality = 85 @@ -256567,8 +257015,8 @@ rule SIGNATURE_BASE_Slserver_Unknown_String : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_between-hk-and-burma.yar#L204-L224" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_between-hk-and-burma.yar#L204-L224" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "18d3bb236282c506c161949883722da1cb0af6dd87bf5cb3d4a5b3d90f4a7db0" score = 75 quality = 85 
@@ -256589,8 +257037,8 @@ rule SIGNATURE_BASE_Gen_Base64_EXE : HIGHVOL FILE date = "2017-04-21" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/general_cloaking.yar#L71-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/general_cloaking.yar#L71-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6fe18ee727a836c0baaac4dbbffdb9f50065f56a4c6eeee7e54792a8a66229de" score = 75 quality = 85 @@ -256617,8 +257065,8 @@ rule SIGNATURE_BASE_Binary_Drop_Certutil : FILE date = "2015-07-15" modified = "2023-12-05" reference = "https://goo.gl/9DNn8q" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/general_cloaking.yar#L92-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/general_cloaking.yar#L92-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3e2b62442b5da6ab887e1eb03cdd44932651fa51ce11e87e6fc29015e708d2f3" score = 70 quality = 85 
@@ -256642,8 +257090,8 @@ rule SIGNATURE_BASE_Stegokatz : FILE date = "2015-09-11" modified = "2023-12-05" reference = "https://goo.gl/jWPBBY" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/general_cloaking.yar#L109-L123" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/general_cloaking.yar#L109-L123" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "091b07220d2a89822aa382edcecf5869d463e375747cc41f52417e66ccf0e2da" score = 70 quality = 85 @@ -256666,8 +257114,8 @@ rule SIGNATURE_BASE_Obfuscated_VBS_April17 : FILE date = "2017-04-21" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/general_cloaking.yar#L125-L137" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/general_cloaking.yar#L125-L137" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "590dca22a4fcbc2bbfb4358c53f7cb6c06824970139cca251c4cf1bd435817b0" score = 75 quality = 85 
@@ -256689,8 +257137,8 @@ rule SIGNATURE_BASE_Obfuscated_JS_April17 : FILE date = "2017-04-21" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/general_cloaking.yar#L139-L153" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/general_cloaking.yar#L139-L153" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c75bf0ad8dd35fabbaedb54c2630249497edbb215b6ce2b707e32f82e8fb8f56" score = 75 quality = 85 @@ -256714,8 +257162,8 @@ rule SIGNATURE_BASE_APT30_Generic_H : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e4affe7dc01efc4d6c25aaae4679bc1f8fddd97794e351d30501eaeb8e1d1dea" score = 75 quality = 85 
@@ -256741,8 +257189,8 @@ rule SIGNATURE_BASE_APT30_Sample_2 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L28-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L28-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0359ffbef6a752ee1a54447b26e272f4a5a35167" logic_hash = "e34dbb90fc868b0619d3d2aa1b6176252836a6ae72e6f52b1eba632054f7c272" score = 75 @@ -256769,8 +257217,8 @@ rule SIGNATURE_BASE_APT30_Sample_3 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L47-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L47-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d0320144e65c9af0052f8dee0419e8deed91b61b" logic_hash = "ee61ec1fdf27fa21bcc235fce0ab8dc74968b39a747648ce828fb4826cf1d234" score = 75 
@@ -256797,8 +257245,8 @@ rule SIGNATURE_BASE_APT30_Generic_C : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L66-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L66-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b969565eac3b6f548318aae4edc8d8851f522a6c263bcaf2a466ff0ca9af78a4" score = 75 quality = 85 @@ -256830,8 +257278,8 @@ rule SIGNATURE_BASE_APT30_Sample_4 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L90-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L90-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "75367d8b506031df5923c2d8d7f1b9f643a123cd" logic_hash = "ec9542acb583bd5812d561bea70e89e0fcddc1eaef14d3ea5b8ad29711ed17ae" score = 75 
@@ -256859,8 +257307,8 @@ rule SIGNATURE_BASE_APT30_Sample_5 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L110-L127" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L110-L127" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1a2dd2a0555dc746333e7c956c58f7c4cdbabd4b" logic_hash = "3738076d97bf19404bad20c2419eae83dd2b65400d5bd135ffe73362c008de9b" score = 75 @@ -256887,8 +257335,8 @@ rule SIGNATURE_BASE_APT30_Sample_6 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L129-L143" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L129-L143" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "00e69b059ad6b51b76bc476a115325449d10b4c0" logic_hash = "139719139056f575967629f0153e0a05239bc26f61f6d4324cfb6a816518c3df" score = 75 
@@ -256912,8 +257360,8 @@ rule SIGNATURE_BASE_APT30_Sample_7 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L145-L163" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L145-L163" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "868d1f4c106a08bd2e5af4f23139f0e0cd798fba" logic_hash = "f7922d795bc92714a9ef4861bc9c4ac9921a73749e3aa1d5f7dbc3c991fe7145" score = 75 @@ -256941,8 +257389,8 @@ rule SIGNATURE_BASE_APT30_Generic_E : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L165-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L165-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5ccf1f1334dc300d13aa8dbc080d2d839815d102958fde2b8709c11f522412fd" score = 75 quality = 85 
@@ -256970,8 +257418,8 @@ rule SIGNATURE_BASE_APT30_Sample_8 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L185-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L185-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9531e21652143b8b129ab8c023dc05fef2a17cc3" logic_hash = "bff21d517e97d2b13dff2b5ebc9a5b82b8f7635943c89f992b41d269623cd498" score = 75 @@ -256997,8 +257445,8 @@ rule SIGNATURE_BASE_APT30_Generic_B : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L203-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L203-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "527c823607836f138369224b7d8d492d36d9ab7a150e64fd5ebbaf99538d6d53" score = 75 quality = 85 
@@ -257027,8 +257475,8 @@ rule SIGNATURE_BASE_APT30_Generic_I : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L224-L240" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L224-L240" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e6f0edcbf6e0590c8b4a558142053d5938e86d13d65787f02336dc2a173d5963" score = 75 quality = 85 @@ -257054,8 +257502,8 @@ rule SIGNATURE_BASE_APT30_Sample_9 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L242-L263" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L242-L263" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "442bf8690401a2087a340ce4a48151c39101652f" logic_hash = "0c5465bdafcbca02f855a0cba1fbb4c19d8d21b714dbe777b942dcd1a7acb257" score = 75 
@@ -257086,8 +257534,8 @@ rule SIGNATURE_BASE_APT30_Sample_10 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L264-L283" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L264-L283" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "eb518cda3c4f4e6938aaaee07f1f7db8ee91c901" logic_hash = "5a6bd8223fbce133bd11b903edfd7f8ff5a436e26a47c048a5ac606ad4a0b564" score = 75 @@ -257116,8 +257564,8 @@ rule SIGNATURE_BASE_APT30_Sample_11 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L285-L312" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L285-L312" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "59066d5d1ee3ad918111ed6fcaf8513537ff49a6" logic_hash = "5e86b53591caa7c783a946205a3d04f91c71294d844e6f6ee88c3bc78e603ea0" score = 75 
@@ -257154,8 +257602,8 @@ rule SIGNATURE_BASE_APT30_Sample_12 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L314-L329" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L314-L329" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b02b5720ff0f73f01eb2ba029a58b645c987c4bc" logic_hash = "997c91267f956bd7d2a7edca9817ebc80bbf1eed944b3bc01cc8bb01927deb1e" score = 75 @@ -257180,8 +257628,8 @@ rule SIGNATURE_BASE_APT30_Sample_13 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L331-L349" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L331-L349" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a359f705a833c4a4254443b87645fd579aa94bcf" logic_hash = "cd5285e8b78493b64704cec21c13d0a017d66936aa8356cfea2aa77c6f87b9e7" score = 75 
@@ -257209,8 +257657,8 @@ rule SIGNATURE_BASE_APT30_Sample_14 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L351-L367" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L351-L367" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b0740175d20eab79a5d62cdbe0ee1a89212a8472" logic_hash = "e5f352b1aa643b9508c01bbe921197ebd8992ec94036b869c55970f0177164d3" score = 75 @@ -257236,8 +257684,8 @@ rule SIGNATURE_BASE_APT30_Sample_15 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L369-L387" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L369-L387" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7a8576804a2bbe4e5d05d1718f90b6a4332df027" logic_hash = "5179f39bdcb064f55479ad147a019dd0b3874783c6bad650e84cfd9d0430bb70" score = 75 
@@ -257265,8 +257713,8 @@ rule SIGNATURE_BASE_APT30_Sample_16 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L389-L407" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L389-L407" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "066d06ac08b48d3382d46bbeda6ad411b6d6130e" logic_hash = "59ea90ac0590bd87a48fabf1a3fa7ece31560b980b738a34227937bbf82a1c55" score = 75 @@ -257294,8 +257742,8 @@ rule SIGNATURE_BASE_APT30_Generic_A : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L409-L429" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L409-L429" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c20660a8a55c6c6cb058fb233e0b29e1e4be2683181dbdfb06e17037d0ed8c31" score = 75 quality = 85 
@@ -257325,8 +257773,8 @@ rule SIGNATURE_BASE_APT30_Sample_17 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L431-L445" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L431-L445" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c3aa52ff1d19e8fc6704777caf7c5bd120056845" logic_hash = "43913151325fbce993dbfec0acf64ca835b12270c47156ae81b0ce4f32c7bde1" score = 75 @@ -257350,8 +257798,8 @@ rule SIGNATURE_BASE_APT30_Sample_18 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L446-L466" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L446-L466" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "355436a16d7a2eba8a284b63bb252a8bb1644751" logic_hash = "d20f1d1b7b43defc36c7b1f99f14ed9e73e770b6f43d0ad92110cf9178b35b15" score = 75 
@@ -257381,8 +257829,8 @@ rule SIGNATURE_BASE_APT30_Generic_G : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L468-L489" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L468-L489" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1612b392d6145bfb0c43f8a48d78c75f" hash = "53f1358cbc298da96ec56e9a08851b4b" hash = "c2acc9fc9b0f050ec2103d3ba9cb11c0" @@ -257413,8 +257861,8 @@ rule SIGNATURE_BASE_APT30_Sample_19 : FILE date = "2015-04-03" modified = "2023-01-06" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L491-L517" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L491-L517" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cfa438449715b61bffa20130df8af778ef011e15" logic_hash = "9127ae31c5b818a2759f9d33c74c8631079539e7fa8e49e5514b016df2624065" score = 75 
@@ -257448,8 +257896,8 @@ rule SIGNATURE_BASE_APT30_Generic_E_V2 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L519-L535" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L519-L535" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "eca53a9f6251ddf438508b28d8a483f91b99a3fd" logic_hash = "25a7e5780f56b4f9cfb76494926c446a39a88bef2cda82b31e6de2b85c5edbda" score = 75 @@ -257475,8 +257923,8 @@ rule SIGNATURE_BASE_APT30_Sample_20 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L537-L557" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L537-L557" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b1c37632e604a5d1f430c9351f87eb9e8ea911c0" logic_hash = "f94cbd4b8e7ba302db9ac4ef3617bd68aa0aa1ee3cfc6dfee4621223bbdae3c5" score = 75 
@@ -257506,8 +257954,8 @@ rule SIGNATURE_BASE_APT30_Sample_21 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L559-L575" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L559-L575" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d315daa61126616a79a8582145777d8a1565c615" logic_hash = "e3e431bb6915d99b8aa1915419b60ba47372005b9b4994a924746a91bad80310" score = 75 @@ -257533,8 +257981,8 @@ rule SIGNATURE_BASE_APT30_Sample_22 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L577-L595" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L577-L595" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0d17a58c24753e5f8fd5276f62c8c7394d8e1481" logic_hash = "88a45d248eba7b9776e2e7d345d2948e00a94a7e359acb89d1943be55ab342ad" score = 75 
@@ -257562,8 +258010,8 @@ rule SIGNATURE_BASE_APT30_Generic_F : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L597-L615" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L597-L615" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4997b52e0cc12a1a0c84cec3565dd9e6b486ccef4eb8791c566c7a534d36e3ff" score = 75 quality = 85 @@ -257591,8 +258039,8 @@ rule SIGNATURE_BASE_APT30_Sample_23 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L617-L637" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L617-L637" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9865e24aadb4480bd3c182e50e0e53316546fc01" logic_hash = "64ff048b061431e0834ac40bfccb0d9e8ca60ffb022578ef910e6ffc511be6ed" score = 75 
@@ -257622,8 +258070,8 @@ rule SIGNATURE_BASE_APT30_Sample_24 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L639-L658" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L639-L658" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "572caa09f2b600daa941c60db1fc410bef8d1771" logic_hash = "9d550fd0225f1c4e3b16ae53648644d7bb5c80e99e2a1a3d199e51c7219c2e94" score = 75 @@ -257652,8 +258100,8 @@ rule SIGNATURE_BASE_APT30_Sample_25 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L660-L679" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L660-L679" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "44a21c8b3147fabc668fee968b62783aa9d90351" logic_hash = "86945188f888762ae585463df7cfb6e5fed30d0fcfcca4e642aedf07a0193ae7" score = 75 
@@ -257682,8 +258130,8 @@ rule SIGNATURE_BASE_APT30_Sample_26 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L681-L700" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L681-L700" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e26588113417bf68cb0c479638c9cd99a48e846d" logic_hash = "b585687c071dc2dddb888906f47b7af6bc7683e902d3afb42364896e800fac5c" score = 75 @@ -257712,8 +258160,8 @@ rule SIGNATURE_BASE_APT30_Generic_D : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L702-L725" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L702-L725" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ff39fc7643441652ec0cdf2f84c7827d326ddb5f01451b3857cfc4015eb01467" score = 75 quality = 85 
@@ -257746,8 +258194,8 @@ rule SIGNATURE_BASE_APT30_Sample_27 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L727-L746" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L727-L746" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "959573261ca1d7e5ddcd19447475b2139ca24fe1" logic_hash = "5ef0661c5c04f0f0923548509363971011194a16e4308fcfdea5db90e85518a4" score = 75 @@ -257776,8 +258224,8 @@ rule SIGNATURE_BASE_APT30_Sample_28 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L748-L776" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L748-L776" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d246a188ad9ec69948bef6018bab1e7a244c76dcf511c3f9d16024ef7e369ae2" score = 75 quality = 85 
@@ -257815,8 +258263,8 @@ rule SIGNATURE_BASE_APT30_Sample_29 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L778-L798" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L778-L798" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "44492c53715d7c79895904543843a321491cb23a" logic_hash = "7a59118ba00413961e6fc4d54680373d033a38d698613f853f67137b85c123a7" score = 75 @@ -257846,8 +258294,8 @@ rule SIGNATURE_BASE_APT30_Sample_30 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L800-L817" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L800-L817" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3b684fa40b4f096e99fbf535962c7da5cf0b4528" logic_hash = "5ecfc8d53b768f624c8765f70708bfaae5396d7aa6b0335f7c656f4350649c5d" score = 75 
@@ -257874,8 +258322,8 @@ rule SIGNATURE_BASE_APT30_Sample_31 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L819-L836" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L819-L836" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8b4271167655787be1988574446125eae5043aca" logic_hash = "003bfa9774d3e85829cc266d06417b86287986994995adfa7a2bd26c3648c07e" score = 75 @@ -257902,8 +258350,8 @@ rule SIGNATURE_BASE_APT30_Generic_J : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L838-L869" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L838-L869" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7c404689b60fe493ca9b503902173ac04d7bb00488edec9e69006e6d51e20c51" score = 75 quality = 85 
@@ -257944,8 +258392,8 @@ rule SIGNATURE_BASE_APT30_Microfost : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L871-L885" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L871-L885" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "57169cb4b8ef7a0d7ebd7aa039d1a1efd6eb639e" logic_hash = "1fe5be3a88859fd3d485adfba92cf117afedc739bd0a46c039124919c3b81361" score = 75 @@ -257969,8 +258417,8 @@ rule SIGNATURE_BASE_APT30_Generic_K : FILE date = "2015-04-03" modified = "2023-01-06" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L887-L917" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L887-L917" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "142bc01ad412799a7f9ffed994069fecbd5a2f93" logic_hash = "eed03bb4290eef0ad1cf362a157923aa1fb8faa9305b5aaba3563d0a4e65e1a5" score = 75 
@@ -258007,8 +258455,8 @@ rule SIGNATURE_BASE_APT30_Sample_33 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L919-L939" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L919-L939" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "72c568ee2dd75406858c0294ccfcf86ad0e390e4" logic_hash = "295c2d9fcf1c3bab54650fd1d203dfb8c12269945aad8927066ef6f815abea69" score = 75 @@ -258038,8 +258486,8 @@ rule SIGNATURE_BASE_APT30_Sample_34 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L941-L960" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L941-L960" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "216868edbcdd067bd2a9cce4f132d33ba9c0d818" logic_hash = "2406f9613585669f88c389ea9729a089f6aef13fba46d60b713f51cd3a946b5d" score = 75 
@@ -258068,8 +258516,8 @@ rule SIGNATURE_BASE_APT30_Sample_35 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L962-L977" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L962-L977" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "df48a7cd6c4a8f78f5847bad3776abc0458499a6" logic_hash = "a70d9471215ddcfe84a39b33f53c4114b205aa2cc95cd93081afe442ee2b8b42" score = 75 @@ -258094,8 +258542,8 @@ rule SIGNATURE_BASE_APT30_Sample_1 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L979-L996" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L979-L996" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8cea83299af8f5ec6c278247e649c9d91d4cf3bc" logic_hash = "5f20b60b8721d62731708630a3443741c956304c553f651572282336995f6d4f" score = 75 
@@ -258122,8 +258570,8 @@ rule SIGNATURE_BASE_APT30_Generic_1 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L998-L1031" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L998-L1031" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0a2d4e8583286a3f44b49dc902143ee1ea321d26275c6cbcd54876e94b8cd2a3" score = 75 quality = 85 @@ -258166,8 +258614,8 @@ rule SIGNATURE_BASE_APT30_Generic_2 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L1032-L1087" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L1032-L1087" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "56c9e58298c318b6dff2cce0ab896bb7bdd22429e6015b8fe72b8ad2f1f69d30" score = 75 quality = 85 
@@ -258232,8 +258680,8 @@ rule SIGNATURE_BASE_APT30_Generic_4 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L1110-L1140" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L1110-L1140" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d6a45baee2741c5ebb05fc3f17974a041cd37f665df1e67934b0928fc75f37c3" score = 75 quality = 85 @@ -258273,8 +258721,8 @@ rule SIGNATURE_BASE_APT30_Generic_5 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L1142-L1163" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L1142-L1163" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a9d93d7dbf8c5e97ce77cf3fef4941a01c5b1c6bcee40c6f4ca7117d8aee289e" score = 75 quality = 85 
@@ -258305,8 +258753,8 @@ rule SIGNATURE_BASE_APT30_Generic_6 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L1165-L1186" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L1165-L1186" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ff7473e43e11e31fe6ad997009834f661a0120317e479184410456c99f72b613" score = 75 quality = 85 @@ -258337,8 +258785,8 @@ rule SIGNATURE_BASE_APT30_Generic_7 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L1188-L1206" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L1188-L1206" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b5a272cbeb46be9b120acdbe12d795eddc05765777e4157d818c2b91ea7b782b" score = 75 quality = 85 
@@ -258366,8 +258814,8 @@ rule SIGNATURE_BASE_APT30_Generic_8 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L1207-L1232" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L1207-L1232" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2c240d2a35ce3d621d108d03d4e720ddf86e248047fb4dd7f9724e64020caa7f" score = 75 quality = 85 @@ -258402,8 +258850,8 @@ rule SIGNATURE_BASE_APT30_Generic_9 : FILE date = "2015-04-13" modified = "2023-12-05" reference = "https://www2.fireeye.com/rs/fireye/images/rpt-apt30.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt30_backspace.yar#L1234-L1255" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt30_backspace.yar#L1234-L1255" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0b30c2f0bd654371bf3ac4f9d4e700e1544b62a6c0a072d506160c443fc5fe9d" score = 75 quality = 85 
@@ -258434,8 +258882,8 @@ rule SIGNATURE_BASE_MAL_Kwampirs_Apr18 : KWAMPIRS date = "2018-04-23" modified = "2023-12-05" reference = "https://www.symantec.com/blogs/threat-intelligence/orangeworm-targets-healthcare-us-europe-asia" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_kwampirs.yar#L1-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_kwampirs.yar#L1-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e9387c46b9e3fff90415c46af270d143bdeb6292f2521d889b8d6ae726a4cf3b" score = 75 quality = 85 @@ -258511,8 +258959,8 @@ rule SIGNATURE_BASE_Irongate_APT_Step7Prosim_Gen : FILE date = "2016-06-04" modified = "2023-12-05" reference = "https://goo.gl/Mr6M2J" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_irongate.yar#L10-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_irongate.yar#L10-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aab41ada32a8186f958baccad08b60ac1ab686f7561d4dd4471a1e88ddd53730" score = 90 quality = 85 
@@ -258549,8 +258997,8 @@ rule SIGNATURE_BASE_Irongate_Pyinstaller_Update_EXE : FILE date = "2016-06-04" modified = "2023-01-06" reference = "https://goo.gl/Mr6M2J" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_irongate.yar#L42-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_irongate.yar#L42-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b55e02af900b3510743502bd72d5e14c9235985b5a7b05def0f5c462b28f2216" score = 60 quality = 85 @@ -258578,8 +259026,8 @@ rule SIGNATURE_BASE_Nirsoft_Netresview : FILE date = "2016-06-04" modified = "2023-12-05" reference = "https://goo.gl/Mr6M2J" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_irongate.yar#L67-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_irongate.yar#L67-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "56c3c7a98bcefa609ee604ea0d7d3f4dd237d91a9439eeed66e0d6f3a20dfdd0" score = 40 quality = 85 
@@ -258604,8 +259052,8 @@ rule SIGNATURE_BASE_Crime_Win32_Dridex_Socks5_Mod date = "2020-04-06" modified = "2023-12-05" reference = "https://twitter.com/VK_Intel/status/1247058432223477760" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_evilcorp_dridex_banker.yar#L8-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_evilcorp_dridex_banker.yar#L8-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5ca09e9c7d94e949e453d1bb69b566c12b253579cbcae700929d4f517df35a0a" score = 75 quality = 85 @@ -258628,8 +259076,8 @@ rule SIGNATURE_BASE_Crime_Win32_Hvnc_Banker_Gen date = "2020-04-06" modified = "2023-12-05" reference = "https://twitter.com/VK_Intel/status/1247058432223477760" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_evilcorp_dridex_banker.yar#L22-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_evilcorp_dridex_banker.yar#L22-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b01af685c3826834aadaf4eac1f1d8171db288a2efa7b769d8122421f7af8d7e" score = 75 quality = 85 
@@ -258647,8 +259095,8 @@ rule SIGNATURE_BASE_Tidepool_Malware : FILE date = "2016-05-24" modified = "2023-12-05" reference = "http://goo.gl/m2CXWR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_tidepool.yar#L8-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_tidepool.yar#L8-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "759920ed7c9320e8412ed0644b28922a545b04f7549f0da6d6c67d6af8a7af3e" score = 75 quality = 85 @@ -258681,8 +259129,8 @@ rule SIGNATURE_BASE_Cloudduke_Malware : FILE date = "2015-07-22" modified = "2023-12-05" reference = "https://www.f-secure.com/weblog/archives/00002822.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cloudduke.yar#L10-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cloudduke.yar#L10-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eaa159a99b6518db736adfd555bfcd052c2ae21b2e60a1db80b90459c47c90ab" score = 60 quality = 85 
@@ -258718,8 +259166,8 @@ rule SIGNATURE_BASE_SFXRAR_Acrotray : FILE date = "2015-07-22" modified = "2023-12-05" reference = "https://www.f-secure.com/weblog/archives/00002822.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cloudduke.yar#L42-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cloudduke.yar#L42-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3b318ab2854eb7614dd1a42d3971a96d1d485d5cce552336ad3a7f39886ba710" score = 70 quality = 85 @@ -258747,8 +259195,8 @@ rule SIGNATURE_BASE_SUSP_Qakbot_Uninstaller_Shellcode_Aug23 date = "2023-08-30" modified = "2023-12-05" reference = "https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_qakbot_uninstaller.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_qakbot_uninstaller.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "91d26c50bf29517aa68e709ca3b6f32f4ca390f4c2f48e48cd251bfdd5dbcc71" score = 60 quality = 85 
@@ -258769,8 +259217,8 @@ rule SIGNATURE_BASE_SUSP_Qakbot_Uninstaller_FBI_Aug23 date = "2023-08-31" modified = "2023-12-05" reference = "https://www.justice.gov/usao-cdca/divisions/national-security-division/qakbot-resources" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_qakbot_uninstaller.yar#L16-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_qakbot_uninstaller.yar#L16-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0ce963190502709edec9434e6a64cb9db7c5553113b686afc56a516350d76baa" score = 60 quality = 85 @@ -258797,8 +259245,8 @@ rule SIGNATURE_BASE_Poisonivy_Generic_3 : FILE date = "2015-05-14" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poisonivy_gen3.yar#L2-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poisonivy_gen3.yar#L2-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e1cbdf740785f97c93a0a7a01ef2614be792afcd" logic_hash = "8116b07c00218a0e9784447f322455ff24ae754770b85db760b1c397e10e5695" score = 75 
@@ -258834,8 +259282,8 @@ rule SIGNATURE_BASE_MAL_DNSPIONAGE_Malware_Nov18 : FILE date = "2018-11-30" modified = "2023-01-06" reference = "https://blog.talosintelligence.com/2018/11/dnspionage-campaign-targets-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dnspionage.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dnspionage.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c7f148b790c391283ac833236ad7fd3af7af517098adeaf88b8ee8d95df11487" score = 75 quality = 85 @@ -258862,8 +259310,8 @@ rule SIGNATURE_BASE_APT_Dnspionage_Karkoff_Malware_Apr19_1 : FILE date = "2019-04-24" modified = "2023-12-05" reference = "https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dnspionage.yar#L23-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dnspionage.yar#L23-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1e8157cec7e70f7c95dffecd1c5a820f29825586a95f2a5c6e4db0a51b1d4708" score = 75 quality = 85 
@@ -258894,8 +259342,8 @@ rule SIGNATURE_BASE_LOG_Proxynotshell_POC_CVE_2022_41040_Nov22 : CVE_2022_41040 date = "2022-11-17" modified = "2023-12-05" reference = "https://github.com/testanull/ProxyNotShell-PoC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vuln_proxynotshell_cve_2022_41040.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vuln_proxynotshell_cve_2022_41040.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7f91502fd9c59180970fc4253134582b44ba318db03ef4eb575257b2f3818d94" score = 70 quality = 85 @@ -258920,8 +259368,8 @@ rule SIGNATURE_BASE_MAL_Sednit_Delphidownloader_Apr18_2 : FILE date = "2018-04-24" modified = "2023-12-05" reference = "https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sednit_delphidownloader.yar#L11-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sednit_delphidownloader.yar#L11-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "32acbec3405007afce22b0521785439686338d4d3beb02a1d7b9005e49d87221" score = 75 quality = 85 
@@ -258957,8 +259405,8 @@ rule SIGNATURE_BASE_MAL_Sednit_Delphidownloader_Apr18_3 : FILE date = "2018-04-24" modified = "2023-01-06" reference = "https://www.welivesecurity.com/2018/04/24/sednit-update-analysis-zebrocy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sednit_delphidownloader.yar#L40-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sednit_delphidownloader.yar#L40-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "20446692842ec9481f34dd976f6b309515c33159653f9988a59335d2f04e4138" score = 75 quality = 85 @@ -258989,8 +259437,8 @@ rule SIGNATURE_BASE_Hermes2_1 : FILE date = "2017-10-11" modified = "2023-12-05" reference = "https://baesystemsai.blogspot.de/2017/10/taiwan-heist-lazarus-tools.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_hermes_ransom.yar#L1-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_hermes_ransom.yar#L1-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b27881f59c8d8cc529fa80a58709db36" logic_hash = "85a7b3ec89f2bf32e5520a7c5c84661383be71abd8dae3d072d75d5b1118db24" score = 75 
@@ -259023,8 +259471,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_1 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1e024767797fb146b92d6e8c549597c0cda7c2f8fb961299a3808b9b2e924666" score = 75 quality = 85 @@ -259050,8 +259498,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_2 : FILE date = "2017-04-03" modified = "2023-01-06" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L28-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L28-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dff8623c35c83c20fb525209ec9aa5d77b51fa494eb557845a8320c77746c02f" score = 90 quality = 85 
@@ -259086,8 +259534,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_3 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L59-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L59-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d15b4c277e2c4dfe300f242e4cc9b217981166191a47939ca437c55391874b5d" score = 75 quality = 85 @@ -259116,8 +259564,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Dropper_1 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L81-L94" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L81-L94" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ee0caf8a08db9a2a83f10178e2ee890b6b0bc6e699ebb3d01fa94fa48c6dfdee" score = 75 quality = 85 
@@ -259140,8 +259588,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_4 : FILE date = "2017-04-03" modified = "2023-01-06" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L96-L112" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L96-L112" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7b39531e4af93ab026381a1114efe00fa01fb45860ddb512dbfa436471644e20" score = 75 quality = 85 @@ -259166,8 +259614,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_5 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L114-L134" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L114-L134" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9b91ac8f450843c7c85e8d056218aff671bb0f345d16a7ba3f4180ac008bf318" score = 75 quality = 85 
@@ -259195,8 +259643,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_6 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L136-L152" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L136-L152" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f165912001c5e2eb48cef46df12220f7f7a53e908a6af571bb4932c50e355388" score = 75 quality = 85 @@ -259222,8 +259670,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_7 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L154-L168" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L154-L168" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "01993e785fb7d5de9ea629d31725e86fa169b70dcde9716a5da0b646ac88864a" score = 75 quality = 85 
@@ -259247,8 +259695,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_8 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L170-L189" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L170-L189" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a27b041a1ff0fae3d06d8050fe3207435cb84f421099dc1cad8f8a503e976860" score = 75 quality = 85 @@ -259277,8 +259725,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_9 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L191-L205" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L191-L205" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f45159a508ce8ccb5ab57c7347916642f58ab1b6e0a8886ba53e4810ed65c5c1" score = 75 quality = 85 
@@ -259302,8 +259750,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_10 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L207-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L207-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "538754e6daadd3efa3e77723dce7143fecad28cf94caa1b29a2d45df44b14ee4" score = 75 quality = 85 @@ -259328,8 +259776,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Malware_11 : FILE date = "2017-04-03" modified = "2023-12-05" reference = "https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L224-L240" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L224-L240" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7935d3aeef0d4c94a00dd44942a1ba97d0c9fce848914ebc9c59d9f8e9f51599" score = 75 quality = 85 
@@ -259354,8 +259802,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Lockdown : FILE date = "2017-04-07" modified = "2023-12-05" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L251-L265" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L251-L265" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3f24c08817bc94bb4b7d09d51bed62f43952f2c66338f29c4bc8e9000b3ff78a" score = 75 quality = 85 @@ -259379,8 +259827,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Windowxarbot : FILE date = "2017-04-07" modified = "2023-12-05" reference = "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L267-L279" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L267-L279" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5d8a9c25032c5371e843f8e80884e43a64c73b1644605b39b2dff11104c3bbcd" score = 75 quality = 85 
@@ -259402,8 +259850,8 @@ rule SIGNATURE_BASE_Opcloudhopper_Wmidll_Inmemory date = "2017-04-07" modified = "2023-12-05" reference = "https://www.pwc.co.uk/cyber-security/pdf/cloud-hopper-annex-b-final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L281-L293" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L281-L293" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6dddda4e519eeaa67eb4c21151cab10553420a23a077751e0fc45fcae0bf6e69" score = 75 quality = 85 @@ -259425,8 +259873,8 @@ rule SIGNATURE_BASE_VBS_Wmiexec_Tool_Apr17_1 : FILE date = "2017-04-07" modified = "2023-12-05" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_cloudhopper.yar#L295-L318" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_cloudhopper.yar#L295-L318" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b0aad1c8dfc07ae3df835ae113bd02abfd706a0646ffcac5dd5691822016d31a" score = 75 quality = 85 
@@ -259458,8 +259906,8 @@ rule SIGNATURE_BASE_SUSP_RDP_File_Indicators_Oct24_1 : FILE date = "2024-10-25" modified = "2024-12-12" reference = "https://thecyberexpress.com/rogue-rdp-files-used-in-ukraine-cyberattacks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nobellium_rdp_phish.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nobellium_rdp_phish.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "55bd63738c38719ce7aeb874956488b0d3f7167a31d880ee61994b5921bd1458" score = 75 quality = 85 @@ -259489,8 +259937,8 @@ rule SIGNATURE_BASE_Win7Elevatev2 : FILE date = "2015-05-14" modified = "2023-12-05" reference = "http://www.pretentiousname.com/misc/W7E_Source/Win7Elevate_Inject.cpp.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_uac_elevators.yar#L2-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_uac_elevators.yar#L2-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2f5859388c6074f1a75f0c40387f30ffa50d6b87f20f518fd1af7398c95cd650" score = 60 quality = 85 
@@ -259529,8 +259977,8 @@ rule SIGNATURE_BASE_UACME_Akagi date = "2015-05-14" modified = "2023-12-05" reference = "https://github.com/hfiref0x/UACME" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_uac_elevators.yar#L35-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_uac_elevators.yar#L35-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e10f39837a53dcc6d301d21a69fca965aeca0a07cfc832a9a0142b08d280f955" score = 60 quality = 85 @@ -259566,8 +260014,8 @@ rule SIGNATURE_BASE_Uacelevator : FILE date = "2015-05-14" modified = "2023-12-05" reference = "https://github.com/MalwareTech/UACElevator" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_uac_elevators.yar#L66-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_uac_elevators.yar#L66-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fd29d5a72d7a85b7e9565ed92b4d7a3884defba6" logic_hash = "8215746b2c84a5500221580969fb2eac8ee11cbb5af4ba5bf2dbd1def65b8745" score = 75 
@@ -259599,8 +260047,8 @@ rule SIGNATURE_BASE_S4U : FILE date = "2015-06-05" modified = "2023-12-05" reference = "https://github.com/aurel26/s-4-u-for-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_uac_elevators.yar#L92-L139" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_uac_elevators.yar#L92-L139" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cfc18f3d5306df208461459a8e667d89ce44ed77" logic_hash = "b1882710f2514fb44ff01631636c0a66beef620c8bea644ebe05cd5385a9e494" score = 50 @@ -259650,8 +260098,8 @@ rule SIGNATURE_BASE_UACME_Akagi_2 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://github.com/hfiref0x/UACME" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_uac_elevators.yar#L151-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_uac_elevators.yar#L151-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f79a82d466f51c86a0e6fb89688708c35dbcc7ba8f4543e5fb7565d41dd3faab" score = 80 quality = 85 
@@ -259682,8 +260130,8 @@ rule SIGNATURE_BASE_MAL_ELF_Reverseshell_Sslshell_Jun23_1 : CVE_2023_2868 FILE date = "2023-06-07" modified = "2023-12-05" reference = "https://www.barracuda.com/company/legal/esg-vulnerability" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lnx_barracuda_cve_2023_2868.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lnx_barracuda_cve_2023_2868.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "57e9afb2f6928656242b8257cc3b98ae3b03e38c75ad40b544e3fc6afaea794d" score = 75 quality = 85 @@ -259706,8 +260154,8 @@ rule SIGNATURE_BASE_MAL_ELF_SALTWATER_Jun23_1 : CVE_2023_2868 FILE date = "2023-06-07" modified = "2023-12-05" reference = "https://www.barracuda.com/company/legal/esg-vulnerability" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lnx_barracuda_cve_2023_2868.yar#L21-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lnx_barracuda_cve_2023_2868.yar#L21-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cb35898c0ee726170da93b4364920ac065f083f9f02db8eb5d293b1ce127cb78" score = 80 quality = 85 
@@ -259736,8 +260184,8 @@ rule SIGNATURE_BASE_Turla_APT_Srsvc : TURLA FILE date = "2016-06-09" modified = "2023-12-05" reference = "https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "76bd2aacde66114090d1c1767da64728219230964a0bc78a5d830819c46bac3a" score = 75 quality = 85 @@ -259766,8 +260214,8 @@ rule SIGNATURE_BASE_Turla_APT_Malware_Gen1 : TURLA FILE date = "2016-06-09" modified = "2023-12-05" reference = "https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla.yar#L33-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla.yar#L33-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3676d01d5e4044fd49292eb7b4376ff90f0a41141f89a19b13c5518b01257be3" score = 75 quality = 85 
@@ -259813,8 +260261,8 @@ rule SIGNATURE_BASE_RUAG_APT_Malware_Gen2 : FILE date = "2016-06-09" modified = "2023-01-06" reference = "https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla.yar#L73-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla.yar#L73-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "62c65a5c85930dd2a928508401113ffba28bc6a07188d9bf5c68234bea10e1aa" score = 90 quality = 85 @@ -259855,8 +260303,8 @@ rule SIGNATURE_BASE_Turla_APT_Malware_Gen3 : TURLA FILE date = "2016-06-09" modified = "2023-12-05" reference = "https://www.govcert.admin.ch/blog/22/technical-report-about-the-ruag-espionage-case" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla.yar#L110-L150" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla.yar#L110-L150" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8c24cf71841efc974c8a4d8eb5662137592c1d454821c9beadc50d83cb19333c" score = 75 quality = 85 
@@ -259904,8 +260352,8 @@ rule SIGNATURE_BASE_Turla_Mal_Script_Jan18_1 : FILE date = "2018-01-19" modified = "2023-12-05" reference = "https://ghostbin.com/paste/jsph7" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla.yar#L152-L169" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla.yar#L152-L169" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2386abf8afdf8ed9cfd55cb3dcbb998eb732744c601fd9af701cf64c366a0e62" score = 75 quality = 85 @@ -259933,8 +260381,8 @@ rule SIGNATURE_BASE_Turla_Kazuarrat : FILE date = "2018-04-08" modified = "2023-12-05" reference = "https://twitter.com/DrunkBinary/status/982969891975319553" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla.yar#L173-L192" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla.yar#L173-L192" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d7f15fe8e33a9e3516eab5c3c5664aeee25d1d153f01b888a50dd2accba432ca" score = 75 quality = 85 
@@ -259961,8 +260409,8 @@ rule SIGNATURE_BASE_MAL_Turla_Agent_BTZ : FILE date = "2018-04-12" modified = "2023-01-06" reference = "https://www.gdatasoftware.com/blog/2014/11/23937-the-uroburos-case-new-sophisticated-rat-identified" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla.yar#L195-L226" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla.yar#L195-L226" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3a091d29ef5981b9ab9c0e4114fef9de70acbcbc8ea8518183a567459e1086fa" score = 90 quality = 85 @@ -259997,8 +260445,8 @@ rule SIGNATURE_BASE_MAL_Turla_Sample_May18_1 : FILE date = "2018-05-03" modified = "2023-12-05" reference = "https://twitter.com/omri9741/status/991942007701598208" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla.yar#L228-L250" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla.yar#L228-L250" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f5bb26bc787acb89fe5a337121aabc0cd15ed3fd5cbe64ef4e7031e04dc14fb1" score = 75 quality = 85 
@@ -260030,8 +260478,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Turla_Apr20_1 : FILE date = "2020-04-05" modified = "2023-12-05" reference = "https://twitter.com/Int2e_/status/1246115636331319309" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla.yar#L252-L272" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla.yar#L252-L272" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d463f5a151bb0c3440d719b4c7c0d1ca34de1e0bed7fb9167ecf396607abd3ff" score = 75 quality = 85 @@ -260059,8 +260507,8 @@ rule SIGNATURE_BASE_APT_MAL_Tinyturla_Sep21_1 : FILE date = "2021-09-21" modified = "2023-12-05" reference = "https://blog.talosintelligence.com/2021/09/tinyturla.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla.yar#L275-L295" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla.yar#L275-L295" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ede598374bc4a8a870aa29498be4200b4a3d7b289dfcb680fb3f91108d212bca" score = 75 quality = 85 
@@ -260090,8 +260538,8 @@ rule SIGNATURE_BASE_Powershell_Susp_Parameter_Combo : HIGHVOL FILE date = "2017-03-12" modified = "2022-09-15" reference = "https://goo.gl/uAic1X" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_invocation.yar#L2-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_invocation.yar#L2-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d56d97b4f0506430f21ccb029524111c404c03f8cef25710b96c6c0915fdcf22" score = 60 quality = 31 @@ -260160,8 +260608,8 @@ rule SIGNATURE_BASE_OSX_Backdoor_Bella : FILE date = "2018-02-23" modified = "2023-12-05" reference = "https://twitter.com/JohnLaTwC/status/911998777182924801" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_osx_backdoor_bella.yar#L2-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_osx_backdoor_bella.yar#L2-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4288a81779a492b5b02bad6e90b2fa6212fa5f8ee87cc5ec9286ab523fc02446 cec7be2126d388707907b4f9d681121fd1e3ca9f828c029b02340ab1331a5524 e1cf136be50c4486ae8f5e408af80b90229f3027511b4beed69495a042af95be" logic_hash = "c2fa72072decd850698fbaaa9c2a6687cdf64e6bac068ff52a97963053db4339" score = 75 
@@ -260196,8 +260644,8 @@ rule SIGNATURE_BASE_WEBSHELL_Csharp_Hash_String_Oct22 : FILE date = "2022-10-27" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshell_csharp.yar#L2-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshell_csharp.yar#L2-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "29c187ad46d3059dc25d5f0958e0e8789fb2a51b9daaf90ea27f001b1a9a603c" logic_hash = "28a07f3dd17fc469388867fa82a0e21abeee9c4e114af245b684535e4e194891" score = 60 @@ -260226,8 +260674,8 @@ rule SIGNATURE_BASE_Poseidongroup_Malware : FILE date = "2016-02-09" modified = "2023-01-27" reference = "https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poseidon_group.yar#L8-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poseidon_group.yar#L8-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "315d540f2d2cb7b55e1a069cef8dd2eeceabcea4a428b33cf520a0f23d3819ea" score = 85 quality = 85 
@@ -260273,8 +260721,8 @@ rule SIGNATURE_BASE_Poseidongroup_Maldoc_1 : FILE date = "2016-02-09" modified = "2023-12-05" reference = "https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poseidon_group.yar#L50-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poseidon_group.yar#L50-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0983526d7f0640e5765ded6be6c9e64869172a02c20023f8a006396ff358999b" logic_hash = "0d8c255f56bb33b6a720c98727127c07a2d77245b18da381706a40339bebd20b" score = 80 @@ -260297,8 +260745,8 @@ rule SIGNATURE_BASE_Poseidongroup_Maldoc_2 : FILE date = "2016-02-09" modified = "2023-12-05" reference = "https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poseidon_group.yar#L66-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poseidon_group.yar#L66-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2c35077a4980336a2c50cade322861dc02f92f7617115420eebe7c882c2f620b" score = 70 quality = 85 
@@ -260330,8 +260778,8 @@ rule SIGNATURE_BASE_Derusbi_Kernel : FILE date = "2015-12-09" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_derusbi.yar#L9-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_derusbi.yar#L9-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d5a0ce0b0116c3a84d52c22369dbf3cb9cf3ad8f8a05cea5565ba9bb99255fab" score = 75 quality = 85 @@ -260354,8 +260802,8 @@ rule SIGNATURE_BASE_Derusbi_Linux : FILE date = "2015-12-09" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_derusbi.yar#L24-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_derusbi.yar#L24-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "68d5af17b33d1aa0388516e5d2a1ad29c22dc04451e232dfbdf1ef0714baeb10" score = 75 quality = 85 
@@ -260380,8 +260828,8 @@ rule SIGNATURE_BASE_Derusbi_Kernel_Driver_WD_UDFS : FILE date = "2015-12-15" modified = "2023-12-05" reference = "http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_derusbi.yar#L48-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_derusbi.yar#L48-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bea8dafbef01ca8cf747a1f24804c0fb7868db09ce8091ff93c9c5d67d95ca3e" score = 80 quality = 85 @@ -260417,8 +260865,8 @@ rule SIGNATURE_BASE_Derusbi_Code_Signing_Cert : FILE date = "2015-12-15" modified = "2023-12-05" reference = "http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_derusbi.yar#L81-L96" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_derusbi.yar#L81-L96" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dae976a4896a4f6b6a1b415582db84f3da5aac03bf4079f75e11c790dcf23900" score = 60 quality = 85 
@@ -260442,8 +260890,8 @@ rule SIGNATURE_BASE_XOR_4Byte_Key : FILE date = "2015-12-15" modified = "2023-12-05" reference = "http://blog.airbuscybersecurity.com/post/2015/11/Newcomers-in-the-Derusbi-family" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_derusbi.yar#L98-L121" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_derusbi.yar#L98-L121" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "61cbdac3fd9a486d85261234698f33aa04d505b32dfec731de6fc61d103bf609" score = 60 quality = 85 @@ -260465,8 +260913,8 @@ rule SIGNATURE_BASE_Derusbi_Backdoor_Mar17_1 : FILE date = "2017-03-03" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_derusbi.yar#L123-L143" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_derusbi.yar#L123-L143" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "068a8d5c7378c6cf9d0369374550cd34b54e9f913aa7512a6beb46395fc15b19" score = 75 quality = 85 
@@ -260496,8 +260944,8 @@ rule SIGNATURE_BASE_HKTL_Venom_LIB_Dec22 : FILE date = "2022-12-17" modified = "2023-12-05" reference = "https://github.com/Idov31/Venom" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_hktl_venom_lib.yar#L2-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_hktl_venom_lib.yar#L2-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa143946479a45b272d507c3aa2b17026bfdcbb4abefd833f95ff78537568ec1" score = 75 quality = 85 @@ -260528,8 +260976,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_Mal_HTA : CVE_2017_8759 FILE date = "2017-09-14" modified = "2023-12-05" reference = "https://github.com/Voulnet/CVE-2017-8759-Exploit-sample" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_8759.yar#L11-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_8759.yar#L11-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f98578104e411fcf75a46f8a0bc3e561c94d0ca4ad7c1aae2595d03a29efd74e" score = 75 quality = 85 
@@ -260552,8 +261000,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_Mal_Doc : CVE_2017_8759 FILE date = "2017-09-14" modified = "2023-11-21" reference = "https://github.com/Voulnet/CVE-2017-8759-Exploit-sample" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_8759.yar#L26-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_8759.yar#L26-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c81feebef463fee41661ca951a39ee789db5d36acc8262ddb391609d8680108" score = 75 quality = 85 @@ -260580,8 +261028,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_SOAP_Via_JS : FILE date = "2017-09-14" modified = "2023-12-05" reference = "https://twitter.com/buffaloverflow/status/907728364278087680" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_8759.yar#L47-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_8759.yar#L47-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3c170479283fe859b9ecfba4834396aaf78b375472250a4b188bc913f69c97fd" score = 60 quality = 81 
@@ -260604,8 +261052,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_SOAP_Excel : CVE_2017_8759 FILE date = "2017-09-15" modified = "2023-12-05" reference = "https://twitter.com/buffaloverflow/status/908455053345869825" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_8759.yar#L63-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_8759.yar#L63-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "adea595b251796e93cdc54cc59198d88a68e28d42899c90721f63f6813df24fe" score = 60 quality = 83 @@ -260627,11 +261075,11 @@ rule SIGNATURE_BASE_CVE_2017_8759_SOAP_Txt : CVE_2017_8759 FILE date = "2017-09-14" modified = "2023-12-05" reference = "https://github.com/Voulnet/CVE-2017-8759-Exploit-sample" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_8759.yar#L78-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_8759.yar#L78-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "184179006ed2ac2ad76e09c53196805fcb1b7380dab1d5740b4469a89d6b0b32" score = 75 - quality = 60 + quality = 85 tags = "CVE-2017-8759, FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" hash1 = "840ad14e29144be06722aff4cc04b377364eeed0a82b49cc30712823838e2444" 
@@ -260652,8 +261100,8 @@ rule SIGNATURE_BASE_CVE_2017_8759_WSDL_In_RTF : CVE_2017_8759 FILE date = "2017-09-15" modified = "2023-12-05" reference = "https://twitter.com/xdxdxdxdoa/status/908665278199996416" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_8759.yar#L94-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_8759.yar#L94-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "47adc7adfc55239792aef818648546adb1627e74690de0d811100cc49aab8c2f" score = 75 quality = 85 @@ -260679,8 +261127,8 @@ rule SIGNATURE_BASE_Powerkatz_DLL_Generic : FILE date = "2016-02-05" modified = "2023-12-05" reference = "PowerKatz Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powerkatz.yar#L9-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powerkatz.yar#L9-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "979cdb42b54a26960b3173d5ea6abcc5fa61bef57f98b09e55eb4c75f1040a40" score = 80 quality = 85 
@@ -260711,8 +261159,8 @@ rule SIGNATURE_BASE_Powershell_Case_Anomaly : FILE date = "2017-08-11" modified = "2022-06-12" reference = "https://twitter.com/danielhbohannon/status/905096106924761088" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_case_anomalies.yar#L11-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_case_anomalies.yar#L11-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cbef94b899a2d22930ee0e8b3eac03c505db629d19a62ddd8f56482403dfa595" score = 70 quality = 77 @@ -260754,8 +261202,8 @@ rule SIGNATURE_BASE_Wscriptshell_Case_Anomaly : FILE date = "2017-09-11" modified = "2022-06-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_case_anomalies.yar#L62-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_case_anomalies.yar#L62-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5c64e124186ae2eb974639627287fb27fe27eb2855342703e4a27a9c0fd62a91" score = 60 quality = 83 
@@ -260782,8 +261230,8 @@ rule SIGNATURE_BASE_No_Powershell : FILE date = "2016-05-21" modified = "2023-12-05" reference = "https://github.com/Ben0xA/nps" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_nopowershell.yar#L8-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_nopowershell.yar#L8-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9fba467cfbf8cad0c8e6cf1e1c7eacd8b0be869ebe6c5180f50f5cdefa8b5bb5" score = 80 quality = 85 @@ -260807,8 +261255,8 @@ rule SIGNATURE_BASE_Malware_QA_Not_Copy : FILE date = "2016-08-29" modified = "2023-12-05" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_malware_set_qa.yar#L13-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_malware_set_qa.yar#L13-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4001d71101a9c6d4134e7ed4b9b03d34ada62241a668970e21a60d7a23dd7b86" score = 80 quality = 85 
@@ -260839,8 +261287,8 @@ rule SIGNATURE_BASE_Malware_QA_Update : FILE date = "2016-08-29" modified = "2023-12-05" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_malware_set_qa.yar#L39-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_malware_set_qa.yar#L39-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "97e0fec7bb4ebf326b449cc0d65eb9f024b33e1d2e54c6d3893164b66c024b2a" score = 80 quality = 85 @@ -260877,8 +261325,8 @@ rule SIGNATURE_BASE_Malware_QA_Tls : FILE date = "2016-08-29" modified = "2023-12-05" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_malware_set_qa.yar#L71-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_malware_set_qa.yar#L71-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "20c849d8c60acd77a28244c7ebcbb2f96b233e74af6c52112a0c828e1de2ed84" score = 80 quality = 85 
@@ -260903,8 +261351,8 @@ rule SIGNATURE_BASE_Malware_QA_Get_The_Fucking_IP : FILE date = "2016-08-29" modified = "2023-12-05" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_malware_set_qa.yar#L89-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_malware_set_qa.yar#L89-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ab6a60142ef0e7a6e079a1b62da0b962dc3b59584b785516e93c74669574a81b" score = 80 quality = 85 @@ -260931,8 +261379,8 @@ rule SIGNATURE_BASE_Malware_QA_Vqgk : FILE date = "2016-08-29" modified = "2022-12-21" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_malware_set_qa.yar#L109-L137" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_malware_set_qa.yar#L109-L137" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "19b7099cdb8a984f1ba6cf88024db398a81ac4f4bf3c16cac40c5ee0e5b465fd" score = 80 quality = 85 
@@ -260967,8 +261415,8 @@ rule SIGNATURE_BASE_Malware_QA_1177 : FILE date = "2016-08-29" modified = "2023-12-05" reference = "VT Research QA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_malware_set_qa.yar#L139-L161" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_malware_set_qa.yar#L139-L161" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0fa8e6c048bcc51553e8078a71416013696dd937c1508cd636873eab56c3797f" score = 80 quality = 81 @@ -260997,11 +261445,11 @@ rule SIGNATURE_BASE_SUSP_Themebleed_Theme_Sep23 : FILE date = "2023-09-13" modified = "2023-12-05" reference = "https://github.com/gabe-k/themebleed" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2023_38146.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2023_38146.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "577003741f07aeffafd2b0b22913de44ea4f5ed264f4104ee013104355f65311" score = 75 - quality = 60 + quality = 85 tags = "FILE" strings: 
@@ -261021,8 +261469,8 @@ rule SIGNATURE_BASE_FIN7_Dropper_Aug17 : FILE date = "2017-08-04" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7_backdoor.yar#L12-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7_backdoor.yar#L12-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "610b7288e08d36858de88abac3a86dcb6ebba1c019e17fb716f5c26aa964903b" score = 75 quality = 60 @@ -261051,8 +261499,8 @@ rule SIGNATURE_BASE_FIN7_Backdoor_Aug17 : FILE date = "2017-08-04" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/fin7carbanak-threat-actor-unleashes-bateleur-jscript-backdoor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7_backdoor.yar#L34-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7_backdoor.yar#L34-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "76818317c543c1464898463741ddaf8c6368d0f5004c088a323c4323db49060c" score = 75 quality = 85 
@@ -261091,8 +261539,8 @@ rule SIGNATURE_BASE_PLEAD_Downloader_Jun18_1 : FILE date = "2018-06-16" modified = "2023-12-05" reference = "https://blog.jpcert.or.jp/2018/06/plead-downloader-used-by-blacktech.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_plead_downloader.yar#L1-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_plead_downloader.yar#L1-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "82fa4629aeb67a657af8b40527414e59d1c45a7c4e3c68398d3472c080c9487b" score = 75 quality = 85 @@ -261119,8 +261567,8 @@ rule SIGNATURE_BASE_Rocketkitten_Keylogger : FILE date = "2015-09-01" modified = "2023-12-05" reference = "https://goo.gl/SjQhlp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rocketkitten_keylogger.yar#L8-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rocketkitten_keylogger.yar#L8-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c8523a50075c6ee9675d37d870da55d9e6193bbc770f6b916e700ab9aad438cc" score = 75 quality = 85 
@@ -261152,8 +261600,8 @@ rule SIGNATURE_BASE_MAL_Emotet_JS_Dropper_Oct19_1 : FILE date = "2019-10-03" modified = "2023-12-05" reference = "https://app.any.run/tasks/aaa75105-dc85-48ca-9732-085b2ceeb6eb/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_emotet.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_emotet.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "563077f3bc8ee18a887eecb9f0591c693e5543a9875eebad2186745154af1ade" score = 75 quality = 85 @@ -261178,8 +261626,8 @@ rule SIGNATURE_BASE_MAL_Emotet_Jan20_1 : FILE date = "2020-01-29" modified = "2023-12-05" reference = "https://app.any.run/tasks/5e81638e-df2e-4a5b-9e45-b07c38d53929/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_emotet.yar#L20-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_emotet.yar#L20-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "23ffcdde3eae7637e5b47a0f940cbebafccfd4c3f222b882e73d7d02447b83c3" score = 75 quality = 85 
@@ -261203,8 +261651,8 @@ rule SIGNATURE_BASE_MAL_Emotet_BKA_Quarantine_Apr21 date = "2021-03-23" modified = "2023-12-05" reference = "https://www.bka.de/DE/IhreSicherheit/RichtigesVerhalten/StraftatenImInternet/FAQ/FAQ_node.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_emotet.yar#L39-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_emotet.yar#L39-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cc75be5f641e21446a41bf9cc855330a612847e7e3a3be935577d33195f40d05" score = 75 quality = 85 @@ -261228,8 +261676,8 @@ rule SIGNATURE_BASE_MAL_Emotet_BKA_Cleanup_Apr21 : FILE date = "2021-03-23" modified = "2023-12-05" reference = "https://www.bka.de/DE/IhreSicherheit/RichtigesVerhalten/StraftatenImInternet/FAQ/FAQ_node.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_emotet.yar#L54-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_emotet.yar#L54-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "533adaed96d015ea2dcd54d5aaf9e71b5b70430ed5733a98618925cf978a6515" score = 75 quality = 85 
@@ -261253,8 +261701,8 @@ rule SIGNATURE_BASE_Destructive_Ransomware_Gen1 : FILE date = "2018-02-12" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2018/02/olympic-destroyer.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_olympic_destroyer.yar#L13-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_olympic_destroyer.yar#L13-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1f7a41c5a7e812e0e26b346cc6465290b17aff31620cbcf6e01c569d8eea2dbd" score = 75 quality = 85 @@ -261280,8 +261728,8 @@ rule SIGNATURE_BASE_Olympicdestroyer_Gen2 : FILE date = "2018-02-12" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2018/02/olympic-destroyer.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_olympic_destroyer.yar#L30-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_olympic_destroyer.yar#L30-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1bcf0e95d9de62271a09f6ac64ce65debc91e541e1fccfe5c31661466c00bd5e" score = 75 quality = 85 
@@ -261314,8 +261762,8 @@ rule SIGNATURE_BASE_APT_UNC4841_ESG_Barracuda_CVE_2023_2868_Forensic_Artifacts_J date = "2023-06-15" modified = "2023-06-16" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L2-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L2-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa7cac1e0f6cb6fa3ac271c1fff0039ff182b6859920b4eca25541457654acde" score = 75 quality = 85 @@ -261347,8 +261795,8 @@ rule SIGNATURE_BASE_APT_MAL_UNC4841_SEASPY_Jun23_1 : CVE_2023_2868 FILE date = "2023-06-16" modified = "2023-12-05" reference = "https://blog.talosintelligence.com/alchimist-offensive-framework/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L30-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L30-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c1dcb841fb872f0d5e661bfd90fca3075f5efc95b1f9dfff72fa318ed131e9d1" score = 85 quality = 85 
@@ -261378,8 +261826,8 @@ rule SIGNATURE_BASE_APT_MAL_UNC4841_SEASPY_LUA_Jun23_1 : FILE date = "2023-06-16" modified = "2023-12-05" reference = "https://blog.talosintelligence.com/alchimist-offensive-framework/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L57-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L57-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f78823a4ba9e025ba4833a2d5234c7baba33c1167c0247f13b8b2baa430aa4e5" score = 90 quality = 85 @@ -261404,8 +261852,8 @@ rule SIGNATURE_BASE_APT_HKTL_Proxy_Tool_Jun23_1 : FILE date = "2023-06-16" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L76-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L76-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7e2152e1aa74e1842519e2eecd2acd3ef8eb8d517f3c0ef9f05c983616f223c3" score = 75 quality = 85 
@@ -261430,8 +261878,8 @@ rule SIGNATURE_BASE_SUSP_Fscan_Port_Scanner_Output_Jun23 : SCRIPT FILE date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L103-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L103-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "49b5055c96d7b7446ee5ae8667a5aa3645f0f98d8b5f2bffcd6ef3b20bc64e05" score = 70 quality = 85 @@ -261454,8 +261902,8 @@ rule SIGNATURE_BASE_SUSP_PY_Shell_Spawn_Jun23_1 : SCRIPT date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L119-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L119-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "63e94447930d5a00399de753076facbfb2bf18dd8c815f01aaefd14678aea034" score = 70 quality = 85 
@@ -261476,8 +261924,8 @@ rule SIGNATURE_BASE_APT_MAL_Hunting_LUA_SEASIDE_1 : FILE date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L136-L152" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L136-L152" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cd2813f0260d63ad5adf0446253c2172" logic_hash = "82b61325a78bf8ab09d426cfadceb614a256dfcafb2e1f75595de63593ed2574" score = 70 @@ -261502,8 +261950,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Hunting_Linux_WHIRLPOOL_1 : FILE date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L154-L173" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L154-L173" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "177add288b289d43236d2dba33e65956" logic_hash = "d03c0e292b9b97bbf76585fc74208e4263d753807b8e4a445be80d41264d5432" score = 70 
@@ -261531,8 +261979,8 @@ rule SIGNATURE_BASE_APT_MAL_LUA_Hunting_SKIPJACK_1 date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L175-L193" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L175-L193" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e4e86c273a2b67a605f5d4686783e0cc" logic_hash = "8890cd9ab8190f12997e0653e43c89816df03c7bd41842e5ad21b1986819843e" score = 70 @@ -261559,8 +262007,8 @@ rule SIGNATURE_BASE_APT_MAL_LUA_Hunting_Lua_SKIPJACK_2 date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L195-L212" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L195-L212" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "87847445f9524671022d70f2a812728f" logic_hash = "093e8857c410bd30a076f87ef63d7e1e66f50e3dce75b4add67161782386ee24" score = 70 
@@ -261586,8 +262034,8 @@ rule SIGNATURE_BASE_APT_MAL_LUA_Hunting_Lua_SEASPRAY_1 date = "2023-06-15" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_barracuda_esg_unc4841_jun23.yar#L213-L228" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_barracuda_esg_unc4841_jun23.yar#L213-L228" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "35cf6faf442d325961935f660e2ab5a0" logic_hash = "856bfb47557b60f69aa1141477d6ce446ea13ebbe899022d7996ceef08bdefbb" score = 70 @@ -261611,8 +262059,8 @@ rule SIGNATURE_BASE_MAL_WIN_Ralordv1_Apr25 : FILE date = "2025-04-01" modified = "2025-04-18" reference = "https://ish.com.br/wp-content/uploads/2025/04/RALord-Novo-grupo-de-Ransomware-as-a-Service-1.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ralordv1_win_ap25.yar#L1-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ralordv1_win_ap25.yar#L1-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "be15f62d14d1cbe2aecce8396f4c6289" logic_hash = "75d20cca5eb48109bbb3b0ab0ce2efb4f2d89bc1984df8c4fddf1f859d069750" score = 80 
@@ -261645,8 +262093,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Rel : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_putterpanda.yar#L1-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_putterpanda.yar#L1-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5367e183df155e3133d916f7080ef973f7741d34" logic_hash = "f2ffab73993c578f47e17babc2e65301b3720e438b33e57f2af31b7183bfd20f" score = 70 @@ -261680,8 +262128,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Rel_2 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_putterpanda.yar#L30-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_putterpanda.yar#L30-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f97e01ee04970d1fc4d988a9e9f0f223ef2a6381" logic_hash = "60a48288cb106135728fb676ecad2b9be5254d5dc5094da158ea9dc07704c9ab" score = 70 
@@ -261719,8 +262167,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_PSAPI : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_putterpanda.yar#L61-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_putterpanda.yar#L61-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f93a7945a33145bb6c106a51f08d8f44eab1cdf5" logic_hash = "b73f1db2ca8a3164562314ebd9903c864eb2690c95731959df0e99656544ed40" score = 70 @@ -261747,8 +262195,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_WUAUCLT date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_putterpanda.yar#L81-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_putterpanda.yar#L81-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fd5ca5a2d444865fa8320337467313e4026b9f78" logic_hash = "49cae3b727d6b2673dc9a6497d59c9abdd78d486e1eaf6f036f6eb1aef9a8fcb" score = 70 
@@ -261782,8 +262230,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Gen1 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_putterpanda.yar#L110-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_putterpanda.yar#L110-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8054195f212017fb17953728a7df34645d81c93fee75300e44f467c6aa5efaff" score = 75 quality = 85 @@ -261814,8 +262262,8 @@ rule SIGNATURE_BASE_Malware_Msupdater_String_In_EXE : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_putterpanda.yar#L133-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_putterpanda.yar#L133-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b1a2043b7658af4d4c9395fa77fde18ccaf549bb" logic_hash = "2b7a43aee6dbac1bfa7d9e0331cb078394ae78a1ec44c1a4a70a63b38595abe0" score = 50 
@@ -261845,8 +262293,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Msupdater_3 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_putterpanda.yar#L158-L175" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_putterpanda.yar#L158-L175" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "464149ff23f9c7f4ab2f5cadb76a4f41f969bed0" logic_hash = "09e7da7f2bfbae9252502ea1ea61b612c1af2e4c70508b34e685b46429d4613c" score = 70 @@ -261872,8 +262320,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Msupdater_1 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_putterpanda.yar#L177-L200" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_putterpanda.yar#L177-L200" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b55072b67543f58c096571c841a560c53d72f01a" logic_hash = "038be28609df0187cbbce0d16fee7c902b742458f1201ff3c0d5fde19acd2c56" score = 70 
@@ -261903,8 +262351,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Msupdater_2 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_putterpanda.yar#L202-L236" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_putterpanda.yar#L202-L236" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "365b5537e3495f8ecfabe2597399b1f1226879b1" logic_hash = "47d75e589d47a39d5a9c9e0047a143074d3d74b5541adf8cb3be968da732a96d" score = 70 @@ -261947,8 +262395,8 @@ rule SIGNATURE_BASE_APT_Malware_Putterpanda_Gen4 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_putterpanda.yar#L238-L276" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_putterpanda.yar#L238-L276" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7d450935febe5d6db14be1e7694db1d7b9e8fcacf013920e89c7b25659254310" score = 70 quality = 85 
@@ -261989,8 +262437,8 @@ rule SIGNATURE_BASE_APT_CN_Twistedpanda_Loader : FILE date = "2022-04-14" modified = "2025-07-01" reference = "https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_twisted_panda.yar#L1-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_twisted_panda.yar#L1-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b7f4f31a26b5f968b1d5c82d9165b4d45d75336993b113dda54fd37f628639ee" score = 80 quality = 85 @@ -262016,8 +262464,8 @@ rule SIGNATURE_BASE_APT_CN_Twistedpanda_SPINNER_1 : FILE date = "2022-04-14" modified = "2025-07-01" reference = "https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_twisted_panda.yar#L46-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_twisted_panda.yar#L46-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e7abe4b3f4225596131882a9175f9ac2e45ba00557950772a8e4d1eaeab97d05" score = 80 quality = 85 
@@ -262043,8 +262491,8 @@ rule SIGNATURE_BASE_APT_CN_Twistedpanda_SPINNER_2 : FILE date = "2022-04-14" modified = "2025-07-01" reference = "https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_twisted_panda.yar#L82-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_twisted_panda.yar#L82-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d1e34903e58fb76671a076acbb9f26e10d511c8f00be90b4901d61b73b90a9a7" score = 80 quality = 85 @@ -262072,8 +262520,8 @@ rule SIGNATURE_BASE_APT_CN_Twistedpanda_64Bit_Loader : FILE date = "2022-04-14" modified = "2025-07-01" reference = "https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_twisted_panda.yar#L120-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_twisted_panda.yar#L120-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "644547f9fa6ca3f34ea32e06896f341e0c92f5c57dee3c478aed0cdf87b2f3de" score = 80 quality = 85 
@@ -262097,8 +262545,8 @@ rule SIGNATURE_BASE_APT_CN_Twistedpanda_Droppers : FILE date = "2022-04-14" modified = "2025-07-01" reference = "https://research.checkpoint.com/2022/twisted-panda-chinese-apt-espionage-operation-against-russians-state-owned-defense-institutes/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_twisted_panda.yar#L157-L194" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_twisted_panda.yar#L157-L194" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "820b4796511dcf98cdc8017a39cc2c65e44d8d9a20f55803aa1ddd36f649c83a" score = 80 quality = 85 @@ -262127,8 +262575,8 @@ rule SIGNATURE_BASE_Hawkeye_Keylogger_Feb18_1 : FILE date = "2018-02-12" modified = "2023-01-06" reference = "https://app.any.run/tasks/ae2521dd-61aa-4bc7-b0d8-8c85ddcbfcc9" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_hawkeye.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_hawkeye.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "39037ccb90b747c098fbf5a504aee4a6a716901ff5841ae328ea40d06cc3fcfd" score = 90 quality = 85 
@@ -262152,8 +262600,8 @@ rule SIGNATURE_BASE_MAL_Hawkeye_Keylogger_Gen_Dec18 date = "2018-12-10" modified = "2023-12-05" reference = "https://twitter.com/James_inthe_box/status/1072116224652324870" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_hawkeye.yar#L20-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_hawkeye.yar#L20-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b850f02849030d9912b7571e33e969427ac8f721d2f288ae3ac3e971c4ee4263" score = 75 quality = 85 @@ -262177,8 +262625,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Wmiexec : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L32-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L32-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1ac78768ae230aa00f392f7a7886589b14814e9c7379528d2ecd218852086ee4" score = 75 quality = 85 
@@ -262203,8 +262651,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Sniffer : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L49-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L49-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "77f4a7cdfced27ea342fe0fe6debebb720b7494b3f352465ab2fd92f2b7178ab" score = 75 quality = 85 @@ -262228,8 +262676,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Mmcexec : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L65-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L65-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1aee75155ed3d868f576d7d650f0791ac54e351851f7bfb65390b4ae5c4c83b9" score = 75 quality = 85 
@@ -262253,8 +262701,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Ifmap : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L81-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L81-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bbe875e03434c040da914e81ec5ef691ba8fd02607631e118d958819d0e94ff5" score = 75 quality = 85 @@ -262278,8 +262726,8 @@ rule SIGNATURE_BASE_Karmasmb : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L97-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L97-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "94322dda799bcb25caeb7f9e526bcc14c6dfd9247080b4bb79dcd7b340fcb36c" score = 75 quality = 85 
@@ -262302,8 +262750,8 @@ rule SIGNATURE_BASE_Samrdump : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L112-L126" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L112-L126" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6bc0a4d9f9bd0d72e7f2ce4b0f8608296e6f2db14fd3a1740e0eebfe35629018" score = 75 quality = 85 @@ -262327,8 +262775,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Rpcdump : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L128-L142" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L128-L142" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cf0a64391ef0a5d3f87996fb3e4f152a3ff4938356b96f840aa3f4f4f30aaa97" score = 75 quality = 85 
@@ -262352,8 +262800,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Secretsdump : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L144-L158" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L144-L158" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "462748d60764c6fbaeede48b5a98cb68f61cf695f976bf6db94cb497be48fcb2" score = 75 quality = 85 @@ -262377,8 +262825,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Esentutl : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L160-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L160-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e972ad610df65309f4e5996ad0b537670b944f43b810fda5a890ea995193a97a" score = 75 quality = 85 
@@ -262402,8 +262850,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Opdump : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L176-L190" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L176-L190" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "18b772e19fd61d77f3a671ee097e0f032738a73a360f4cfe79df4eb6377e12b1" score = 75 quality = 85 @@ -262427,8 +262875,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Sniff : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L192-L206" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L192-L206" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b317e23d1f76cec4d5b14cb95d463ec410551052b30f1d2d5f52a441104108c0" score = 75 quality = 85 
@@ -262452,8 +262900,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Smbexec : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L208-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L208-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0f424dd5cc525ef0bd9671c4c1b8da0a1ff9eb79056cc081c1ebe7c9bf75fee6" score = 75 quality = 85 @@ -262477,8 +262925,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Goldenpac : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L224-L239" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L224-L239" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c764083a699204819f9ff6e2664a50d467447d0fff040ef32a8e28cc678b3cd" score = 75 quality = 85 
@@ -262503,8 +262951,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Netview : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L241-L256" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L241-L256" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e0beb6235838b4e8a1312ba53c539c6c3d732ba13a0190c654dcf7ec4389e364" score = 75 quality = 85 @@ -262529,8 +262977,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Smbtorture : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L258-L272" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L258-L272" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "63cbd6511c5498b39fa5efadb8fe0caeeaa8d4c2afe534a0169ea38f205a9cba" score = 75 quality = 85 
@@ -262554,8 +263002,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Mimikatz : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L274-L289" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L274-L289" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0dce4086887877aa77063dfa3c69d7a17cfa0815c4ca417144d3bbb6ebe68650" score = 75 quality = 85 @@ -262580,8 +263028,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Smbrelayx : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L291-L307" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L291-L307" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2afcede9d9f5af102c68e705f29242bc3a56485e79c0acfc347a4ea7f823dfda" score = 75 quality = 85 
@@ -262607,8 +263055,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Wmipersist : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L309-L323" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L309-L323" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "df0dfaed264e0acc57f74e40addcaf52f6d8e832524eb638b682a358c81da83f" score = 75 quality = 85 @@ -262632,8 +263080,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Lookupsid : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L325-L339" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L325-L339" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "629ddd49377017d6ea2aac9665b21dfdf9a50c917bf915ea892faafd841bf817" score = 75 quality = 85 
@@ -262657,8 +263105,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Wmiquery : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L341-L355" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L341-L355" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa237b5c1b4881804c33152a1ce9f3a571b506178fde455a8dd9f92af68c5610" score = 75 quality = 85 @@ -262682,8 +263130,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Atexec : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L357-L373" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L357-L373" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e9537a67e17fb980505aead84b15c7dc8a2f3f1e9a4088edd8b313f1b7a9675d" score = 75 quality = 85 
@@ -262709,8 +263157,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Psexec : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L375-L390" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L375-L390" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "922b2adec9c73d36343c0182f72f5a325c93c051a22e3f80236f942287d0738b" score = 75 quality = 85 @@ -262735,8 +263183,8 @@ rule SIGNATURE_BASE_Impacket_Tools_Generic_1 : FILE date = "2017-04-07" modified = "2025-03-29" reference = "https://github.com/maaaaz/impacket-examples-windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L392-L427" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L392-L427" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a66953ca6a99a7880d757a754bb3010aa394de73292975a3741ec5cf1f20385d" score = 75 quality = 85 
@@ -262781,8 +263229,8 @@ rule SIGNATURE_BASE_Impacket_Lateral_Movement : FILE date = "2018-03-22" modified = "2025-03-29" reference = "https://github.com/CoreSecurity/impacket" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_impacket_tools.yar#L429-L447" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_impacket_tools.yar#L429-L447" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6628c27474d5235d5b510a55215762980a5b526b353b740344cb669e8e023e3c" score = 60 quality = 85 @@ -262809,8 +263257,8 @@ rule SIGNATURE_BASE_SUSP_Maldoc_Excelmacro : FILE date = "2020-11-03" modified = "2023-12-05" reference = "YARA Exchange - Undisclosed Macro Builder" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_macro_builders.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_macro_builders.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c5d0655eaf2ca36c828675f9673a1d4284ef8719fd9ec1d354ee3284d1fb0a0c" score = 65 quality = 85 
@@ -262835,8 +263283,8 @@ rule SIGNATURE_BASE_WEBSHELL_APT_PHP_DEWMODE_UNC2546_Feb21_1 : FILE date = "2021-02-22" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unc2546_dewmode.yar#L2-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unc2546_dewmode.yar#L2-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "86ce185f6350eb7485bce5bd31d91085fed25aa8ce78813e1c3c3dffbaae58ff" score = 75 quality = 60 @@ -262866,8 +263314,8 @@ rule SIGNATURE_BASE_MAL_LNX_Redmenshen_Bpfdoor_May23_1 : FILE date = "2023-05-11" modified = "2023-12-05" reference = "https://www.deepinstinct.com/blog/bpfdoor-malware-evolves-stealthy-sniffing-backdoor-ups-its-game" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lnx_implant_may22.yar#L3-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lnx_implant_may22.yar#L3-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c58971a43443800256e791b4f9fe7c3221518b0050e5f2964b6c843ddb4549ac" score = 80 quality = 85 
@@ -262897,8 +263345,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_May22_1 : FILE date = "2022-05-05" modified = "2023-12-05" reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lnx_implant_may22.yar#L45-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lnx_implant_may22.yar#L45-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8de10beea4ef2e059b16d38fb015d6f091cc517b6f0c06b6ef6868518349994d" score = 90 quality = 85 @@ -262936,8 +263384,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_May22_2 : FILE date = "2022-05-07" modified = "2023-12-05" reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lnx_implant_may22.yar#L78-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lnx_implant_may22.yar#L78-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7525c675dbba6eb480f1d28fc6db05bd9907725c291e64ee6dc2453fd42892a0" score = 85 quality = 85 
@@ -262966,8 +263414,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_May22_3 : FILE date = "2022-05-08" modified = "2023-12-05" reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lnx_implant_may22.yar#L102-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lnx_implant_may22.yar#L102-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "afec0bfeddf5c5c2abc1a3173f636c385437e5d7c0b68665f6274011113a6a9c" score = 85 quality = 85 @@ -262992,8 +263440,8 @@ rule SIGNATURE_BASE_APT_MAL_LNX_Redmenshen_Bpfdoor_Controller_Generic_May22_1 : date = "2022-05-09" modified = "2023-12-05" reference = "https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lnx_implant_may22.yar#L121-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lnx_implant_may22.yar#L121-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "57ae5f7dc1d202fe66d6626ef2bf2278b92bec0310449ce049bdaeaec5657c77" score = 90 quality = 85 
@@ -263036,8 +263484,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Lorenz_May21_1 : FILE date = "2021-05-04" modified = "2023-12-05" reference = "Internal Research - DACH TE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ransom_lorenz.yar#L1-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ransom_lorenz.yar#L1-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aec940deb2c3bc099a50a2e8f014ae425d306d331078d9ac2abc2ec7b8bf572e" score = 75 quality = 85 @@ -263067,8 +263515,8 @@ rule SIGNATURE_BASE_Andromeda_Malbot_Jun_1A : FILE date = "2017-06-30" modified = "2022-12-21" reference = "http://blog.trendmicro.com/trendlabs-security-intelligence/information-stealer-found-hitting-israeli-hospitals/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_andromeda_jun17.yar#L12-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_andromeda_jun17.yar#L12-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5958608ad5527628c4b6cbe08badbff39a50dcdb6cf603f6fbb5fa32ef61c0c7" score = 75 quality = 85 
@@ -263103,8 +263551,8 @@ rule SIGNATURE_BASE_KHRAT_Malware : FILE date = "2017-08-31" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_khrat.yar#L13-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_khrat.yar#L13-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cfc1a9fb4dbec4deb70616ab7c4cce3cf56429f61fd36f78245621527d011e20" score = 75 quality = 85 @@ -263124,8 +263572,8 @@ rule SIGNATURE_BASE_MAL_KHRAT_Script date = "2017-08-31" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_khrat.yar#L26-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_khrat.yar#L26-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c27a89028794b50b95850d90ee29b56606e6b58b862a26e287077e7f7be7f096" score = 75 quality = 85 
@@ -263150,8 +263598,8 @@ rule SIGNATURE_BASE_MAL_KHRAT_Scritplet : FILE date = "2017-08-31" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/08/unit42-updated-khrat-malware-used-in-cambodia-attacks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_khrat.yar#L43-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_khrat.yar#L43-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cbbabd8e2f17827d96aeef4ea362f133cf3fcc31716c517b86a05a010ff62510" score = 75 quality = 85 @@ -263179,8 +263627,8 @@ rule SIGNATURE_BASE_Kriskynote_Mar17_1 : FILE date = "2017-03-03" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_kriskynote.yar#L11-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_kriskynote.yar#L11-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cc4861f3a612cbaba6abf8ded76972941c879f04b59c29756bf0ba8083bf93ab" score = 75 quality = 85 
@@ -263207,8 +263655,8 @@ rule SIGNATURE_BASE_Kriskynote_Mar17_2 : FILE date = "2017-03-03" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_kriskynote.yar#L32-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_kriskynote.yar#L32-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4a1a7c1c75cc64df32d2f055538c5ad15418802733046471520c372a616f1e11" score = 75 quality = 85 @@ -263232,8 +263680,8 @@ rule SIGNATURE_BASE_Kriskynote_Mar17_3 : FILE date = "2017-03-03" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_kriskynote.yar#L48-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_kriskynote.yar#L48-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fda8a7944cdd12cadb1c902664909a8164835f660e6fa56209bc51164a90e77c" score = 75 quality = 85 
@@ -263259,8 +263707,8 @@ rule SIGNATURE_BASE_NTLM_Dump_Output date = "2015-10-01" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/generic_dumps.yar#L17-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/generic_dumps.yar#L17-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "154de926d27d38b38a4ed2c14b9122213fd1deb4115ef3bb77366db0818c7572" score = 75 quality = 85 @@ -263283,8 +263731,8 @@ rule SIGNATURE_BASE_Gsecdump_Password_Dump_File : FILE date = "2018-03-06" modified = "2023-12-05" reference = "https://t.co/OLIj1yVJ4m" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/generic_dumps.yar#L32-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/generic_dumps.yar#L32-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "483ad5217cbc065bd2f791c473b9a2455fddc4e0123268a8d37c64d92dd78c43" score = 65 quality = 85 
@@ -263306,8 +263754,8 @@ rule SIGNATURE_BASE_SUSP_ZIP_Ntdsdit : T1003_003 FILE date = "2020-08-10" modified = "2023-12-05" reference = "https://pentestlab.blog/2018/07/04/dumping-domain-password-hashes/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/generic_dumps.yar#L47-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/generic_dumps.yar#L47-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "371e30f50d96c884bd55ffc10d049d0ada881304746564a99dec0e8efad87602" score = 50 quality = 85 @@ -263328,8 +263776,8 @@ rule SIGNATURE_BASE_APT_Backdoor_SUNBURST_1 date = "2020-12-14" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_solarwinds_sunburst.yar#L6-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_solarwinds_sunburst.yar#L6-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1fc006dead2fd540717e00e468bf30f37bdb1d061a805e33683e4a77db7f9156" score = 85 quality = 77 
@@ -263358,8 +263806,8 @@ rule SIGNATURE_BASE_APT_Backdoor_SUNBURST_2 date = "2020-12-14" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_solarwinds_sunburst.yar#L28-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_solarwinds_sunburst.yar#L28-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2bf0697b110bca88f712cbccaf0d2ba614d6093d6d9595659aefe088848d3826" score = 85 quality = 83 @@ -263419,8 +263867,8 @@ rule SIGNATURE_BASE_APT_Webshell_SUPERNOVA_1 : FILE date = "2020-12-14" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_solarwinds_sunburst.yar#L80-L99" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_solarwinds_sunburst.yar#L80-L99" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8471e6b3675e7e9ccfe5b81ab4c599668f2de528f3b179a675f50aa1fd7814b2" score = 85 quality = 81 
@@ -263447,8 +263895,8 @@ rule SIGNATURE_BASE_APT_Webshell_SUPERNOVA_2 : FILE date = "2020-12-14" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_solarwinds_sunburst.yar#L100-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_solarwinds_sunburst.yar#L100-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "96e344bd2ba3ee07784852db3e9935352762c2fa7b6be88f00cac10a90706ffc" score = 85 quality = 83 @@ -263474,11 +263922,11 @@ rule SIGNATURE_BASE_APT_Hacktool_PS1_COSMICGALE_1 date = "2020-12-14" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_solarwinds_sunburst.yar#L119-L140" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_solarwinds_sunburst.yar#L119-L140" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c7b4d3c29d57b8db8d21e3a436c83617bc3fe14e66ccc1500b33a3774f09ee12" score = 85 - quality = 40 + quality = 65 tags = "" strings: 
@@ -263504,8 +263952,8 @@ rule SIGNATURE_BASE_APT_Dropper_Raw64_TEARDROP_1 date = "2020-12-14" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_solarwinds_sunburst.yar#L141-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_solarwinds_sunburst.yar#L141-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6ab5197e7a1a123055b361a2ef79f8a77a7935606fccc8f163ea5914c94cd14d" score = 85 quality = 85 @@ -263528,8 +263976,8 @@ rule SIGNATURE_BASE_APT_Dropper_Win64_TEARDROP_1 : FILE date = "2020-12-14" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_solarwinds_sunburst.yar#L157-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_solarwinds_sunburst.yar#L157-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a1fa9b9c700601d10cb77ec714b972f04308de615dfc519f680fc956227cc11d" score = 70 quality = 85 
@@ -263554,8 +264002,8 @@ rule SIGNATURE_BASE_HKTL_Reverse_Connect_TCP_PTY_Shell : FILE date = "2019-10-19" modified = "2023-12-05" reference = "https://github.com/infodox/python-pty-shells/blob/master/tcp_pty_backconnect.py" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_python_pty_shell.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_python_pty_shell.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6b92077f9ff775ae3f8166f47a32aaa872fcbf7fcefc3789e5411388aac5403a" score = 75 quality = 85 @@ -263580,8 +264028,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Gen1 : FILE date = "2016-10-12" modified = "2023-12-05" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L12-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L12-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "17dbf53ba6e27b230e3357963162a1805c6460cdadce8bba68953a97f699e1b7" score = 75 quality = 85 
@@ -263637,8 +264085,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Mal1 : FILE date = "2016-10-12" modified = "2023-12-05" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L69-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L69-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b5fc4329bb639765890c49907860883b96d278381b83307c906f624e6645dedd" score = 75 quality = 85 @@ -263665,8 +264113,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Gen2 : FILE date = "2016-10-12" modified = "2023-01-07" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L88-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L88-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "861ae1696aaa89c81d04214e67d77d98ae85bd7f64ae2979fbe932dc696fd32c" score = 75 quality = 85 
@@ -263697,8 +264145,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Gen3 : FILE date = "2016-10-12" modified = "2023-01-07" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L112-L129" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L112-L129" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ccc110b04ea3ee9a19ff23babbc759b4ec6114f8b5eb4f42bc5f70f8abde8a53" score = 75 quality = 85 @@ -263724,8 +264172,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Mal2 : FILE date = "2016-10-12" modified = "2023-12-05" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L131-L149" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L131-L149" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b1de7dc3c205c78825f52ea30608b10bafa2c486db53693aa90aa07138fb1a87" score = 75 quality = 85 
@@ -263753,8 +264201,8 @@ rule SIGNATURE_BASE_Oilrig_Campaign_Reconnaissance : FILE date = "2016-10-12" modified = "2023-12-05" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L151-L166" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L151-L166" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "04c9f482c0c4abc1bf316459dc3085154defadb0fd5fe74ff274d8b3ee807b7f" score = 75 quality = 85 @@ -263779,8 +264227,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Campaign_Mal3 : FILE date = "2016-10-12" modified = "2023-12-05" reference = "https://goo.gl/QMRZ8K" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L168-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L168-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "62a6f6c4e574a3c577f0b1fdd85eaa3e775a7ae0e457c59a6b6f741ad895e510" score = 75 quality = 85 
@@ -263806,8 +264254,8 @@ rule SIGNATURE_BASE_Oilrig_Malware_Nov17_13 : FILE date = "2017-11-22" modified = "2023-12-05" reference = "https://twitter.com/ClearskySec/status/933280188733018113" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L185-L206" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L185-L206" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eab15229f084681b27cec7ed959ef4cd1193a0b38aaed4341dcd6761e2505804" score = 75 quality = 85 @@ -263833,8 +264281,8 @@ rule SIGNATURE_BASE_Oilrig_Intelsecuritymanager_Macro : FILE date = "2018-01-19" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L208-L233" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L208-L233" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "35e540b87bb7425b601fad76f0ff33c60a4d91579fc50f5902d708d06fa755f6" score = 75 quality = 85 
@@ -263868,8 +264316,8 @@ rule SIGNATURE_BASE_Oilrig_Intelsecuritymanager : FILE date = "2018-01-19" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L235-L255" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L235-L255" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "97debd5e74730e22133f29c89a0cf049862459c24d1b46634a973908040db3a7" score = 75 quality = 85 @@ -263899,8 +264347,8 @@ rule SIGNATURE_BASE_APT_APT34_PS_Malware_Apr19_1 date = "2019-04-17" modified = "2023-12-05" reference = "https://twitter.com/0xffff0800/status/1118406371165126656" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L267-L283" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L267-L283" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "afe203fdfcc9dcafb170bee972d45e66e5483a777112a00fa30516dfe81bbf88" score = 75 quality = 85 
@@ -263925,8 +264373,8 @@ rule SIGNATURE_BASE_APT_APT34_PS_Malware_Apr19_2 date = "2019-04-17" modified = "2023-12-05" reference = "https://twitter.com/0xffff0800/status/1118406371165126656" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L285-L304" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L285-L304" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "57c8f02ebfb05f739fc4791a88be4a981ce7b89e2bd283669f85aae1a5c14d02" score = 75 quality = 85 @@ -263954,8 +264402,8 @@ rule SIGNATURE_BASE_APT_APT34_PS_Malware_Apr19_3 date = "2019-04-17" modified = "2023-01-06" reference = "https://twitter.com/0xffff0800/status/1118406371165126656" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig.yar#L306-L326" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig.yar#L306-L326" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "77ba71a59d6026c4b393bc66af586066e11b0c496367a38d847396a23b3dffbe" score = 75 quality = 85 
@@ -263984,8 +264432,8 @@ rule SIGNATURE_BASE_Snaketurla_Malware_May17_1 : FILE date = "2017-05-04" modified = "2023-01-06" reference = "https://goo.gl/QaOh4V" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_snaketurla_osx.yar#L11-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_snaketurla_osx.yar#L11-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "12b18c9e03f1a471541de2fb3ecc6b90a13910ca299a9b7d2bad9dd11f881506" score = 75 quality = 85 @@ -264008,8 +264456,8 @@ rule SIGNATURE_BASE_Snaketurla_Malware_May17_2 : FILE date = "2017-05-04" modified = "2023-12-05" reference = "https://goo.gl/QaOh4V" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_snaketurla_osx.yar#L27-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_snaketurla_osx.yar#L27-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "35bd8650afbc515ecd1cef393fd75f9b77a1e31111612227f0f4557fe8b312a7" score = 75 quality = 85 
@@ -264034,8 +264482,8 @@ rule SIGNATURE_BASE_Snaketurla_Malware_May17_4 : FILE date = "2017-05-04" modified = "2023-12-05" reference = "https://goo.gl/QaOh4V" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_snaketurla_osx.yar#L44-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_snaketurla_osx.yar#L44-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7b6aac2313ea7dae572114e92ad0b5437c5be2542853de3b184bef780faee68b" score = 75 quality = 85 @@ -264058,8 +264506,8 @@ rule SIGNATURE_BASE_Snaketurla_Installd_SH : FILE date = "2017-05-04" modified = "2023-12-05" reference = "https://goo.gl/QaOh4V" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_snaketurla_osx.yar#L59-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_snaketurla_osx.yar#L59-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5b16107434951ddb212996909d53dfbcdae74ed13df6690ce3f6c74258ab4670" score = 75 quality = 85 
@@ -264082,8 +264530,8 @@ rule SIGNATURE_BASE_Snaketurla_Install_SH : FILE date = "2017-05-04" modified = "2023-12-05" reference = "https://goo.gl/QaOh4V" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_snaketurla_osx.yar#L74-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_snaketurla_osx.yar#L74-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "019d20ca6632759cf01962d336c22831edc64b6927d8b27d026b76eb118fce02" score = 75 quality = 85 @@ -264106,8 +264554,8 @@ rule SIGNATURE_BASE_Industroyer_Malware_1 : FILE date = "2017-06-13" modified = "2023-12-05" reference = "https://goo.gl/x81cSy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_industroyer.yar#L12-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_industroyer.yar#L12-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "276b7abdf43b62c3943a8dc362e1c68b23cc505d288e4395a6ac3cb4795371f2" score = 75 quality = 85 
@@ -264141,8 +264589,8 @@ rule SIGNATURE_BASE_Industroyer_Malware_2 : FILE date = "2017-06-13" modified = "2023-12-05" reference = "https://goo.gl/x81cSy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_industroyer.yar#L39-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_industroyer.yar#L39-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cda3e21c130acd76785905364416b3e8803e866dd93529da57ec980e7af081b7" score = 75 quality = 83 @@ -264188,8 +264636,8 @@ rule SIGNATURE_BASE_Industroyer_Portscan_3 : FILE date = "2017-06-13" modified = "2023-12-05" reference = "https://goo.gl/x81cSy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_industroyer.yar#L79-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_industroyer.yar#L79-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "539a420989c178b3fa26e313d23e9f9c6804aa6dbd2d94f463ae924d46ac2851" score = 75 quality = 85 
@@ -264219,8 +264667,8 @@ rule SIGNATURE_BASE_Industroyer_Portscan_3_Output date = "2017-06-13" modified = "2023-12-05" reference = "https://goo.gl/x81cSy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_industroyer.yar#L102-L115" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_industroyer.yar#L102-L115" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6a2fc7b66b1e93f523e08e12ba420d261bae198918bb09eac1a7cdecc04a6737" score = 75 quality = 85 @@ -264243,8 +264691,8 @@ rule SIGNATURE_BASE_Industroyer_Malware_4 : FILE date = "2017-06-13" modified = "2023-12-05" reference = "https://goo.gl/x81cSy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_industroyer.yar#L117-L134" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_industroyer.yar#L117-L134" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cb850445eaf3e1a6c9a9d6c453ed0f6729a95a671a01ce8fbaddf15599e4f2ba" score = 75 quality = 85 
@@ -264269,8 +264717,8 @@ rule SIGNATURE_BASE_Industroyer_Malware_5 : FILE date = "2017-06-13" modified = "2023-12-05" reference = "https://goo.gl/x81cSy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_industroyer.yar#L136-L158" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_industroyer.yar#L136-L158" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9dfd3cfc724f0dfe090b1bcbf03b9ebd0d01b3d781f833a8ca6ba1451a63d5ad" score = 75 quality = 85 @@ -264301,8 +264749,8 @@ rule SIGNATURE_BASE_Invoke_Psimage : FILE date = "2017-12-16" modified = "2023-12-05" reference = "https://github.com/peewpw/Invoke-PSImage" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_invoke_psimage.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_invoke_psimage.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ce4bc73fcba3b82e4d11203aa2c3f0b2f85c6eb9e1784ad76a7b20500b4053f8" score = 75 quality = 85 
@@ -264336,8 +264784,8 @@ rule SIGNATURE_BASE_Line_Dancer date = "2024-04-24" modified = "2024-04-29" reference = "https://www.ncsc.gov.uk/static-assets/documents/malware-analysis-reports/line/ncsc-tip-line-dancer.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cisco_asa_line_dancer_apr24.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cisco_asa_line_dancer_apr24.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "179e58274a792bc4a16787d251f5ad25de1271084323e62e153fa6d461e3c07e" score = 75 quality = 85 @@ -264360,8 +264808,8 @@ rule SIGNATURE_BASE_APT_RANCOR_JS_Malware : FILE date = "2018-06-26" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rancor.yar#L13-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rancor.yar#L13-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0d1e86d4395d4f84518750b5d58d15ed79b79570fbe50010d5d790b4c2511bb2" score = 75 quality = 85 
@@ -264386,8 +264834,8 @@ rule SIGNATURE_BASE_APT_RANCOR_PLAINTEE_Variant : FILE date = "2018-06-26" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rancor.yar#L30-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rancor.yar#L30-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d22aa91d0f66dbb85b79c0f121f0508135bf817929d81f3ff0b3fdf223ba53ec" score = 75 quality = 85 @@ -264417,8 +264865,8 @@ rule SIGNATURE_BASE_APT_RANCOR_PLAINTEE_Malware_Exports : FILE date = "2018-06-26" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rancor.yar#L51-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rancor.yar#L51-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aa55452d4639dbaec760277908906c4ff9e8b66a60b1bcdc157ce23bd5d596db" score = 75 quality = 85 
@@ -264439,8 +264887,8 @@ rule SIGNATURE_BASE_APT_RANCOR_DDKONG_Malware_Exports : FILE date = "2018-06-26" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-rancor-targeted-attacks-south-east-asia-using-plaintee-ddkong-malware-families/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rancor.yar#L64-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rancor.yar#L64-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2d11d46530c22b323c504344448d91fd43c0eecd29cf29aa4da7b2c797d27ff9" score = 75 quality = 85 @@ -264460,8 +264908,8 @@ rule SIGNATURE_BASE_Mal_Babbleloader_Win_Jan24 : FILE date = "2025-01-27" modified = "2025-03-20" reference = "https://0x0d4y.blog/babbleloader-technical-malware-analysis/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_babbleloader_win_jan24.yar#L1-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_babbleloader_win_jan24.yar#L1-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fa3d03c319a7597712eeff1338dabf92" logic_hash = "d4f7915146b1f3fe50febc231247e14323e9d68a94b2b9c8149a5727c06162ca" score = 100 
@@ -264490,8 +264938,8 @@ rule SIGNATURE_BASE_Winpayloads_Powershell : FILE date = "2017-07-11" modified = "2023-12-05" reference = "https://github.com/nccgroup/Winpayloads" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_winpayloads.yar#L12-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_winpayloads.yar#L12-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e9e75f7190327f08c5e204977c6714c93951a6db0ddf000c8b37db37131b9def" score = 75 quality = 85 @@ -264517,8 +264965,8 @@ rule SIGNATURE_BASE_Winpayloads_Payload : FILE date = "2017-07-11" modified = "2023-12-05" reference = "https://github.com/nccgroup/Winpayloads" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_winpayloads.yar#L30-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_winpayloads.yar#L30-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8a22eeafa320bcf0d41de402223d3ad51d8625ffaa68fe24be864ffcf72a64a2" score = 75 quality = 85 
@@ -264548,8 +264996,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Local_URL : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e95e5e97760d9b565184c588fdafe8408cdab61959aee5221485df53ef5f51d6" score = 50 quality = 85 @@ -264572,12 +265020,12 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_SMB_URL : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L21-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L21-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e0bef7497fcb284edb0c65b59d511830" logic_hash = "4903c8f4bb08e799f6787ad29cf7688f354f97a065bcd24c58d3ccd3778a6a15" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: 
@@ -264597,8 +265045,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Iconremote_Smborlocal : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/1176241449148588032" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L61-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L61-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8c49908c7f52ebcd512ff2dc8c40392767769130b9d39abb9d5fc9e130edb65c" score = 50 quality = 85 @@ -264621,11 +265069,11 @@ rule SIGNATURE_BASE_Methodology_Shortcut_Hotkey : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L80-L97" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L80-L97" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a48f7c1125218ee89f58f1517e81150038a5d71889d847e7690b13c818b32fb5" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: 
@@ -264645,8 +265093,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Baseurlsyntax : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L99-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L99-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4aa29bedb5689fe16c067f5ea933e56804085712c7469b138d8b658a30a7eb67" score = 50 quality = 85 @@ -264670,11 +265118,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Iconnotfromexeordllorico : F date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/1176229087196696577" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L161-L179" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L161-L179" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "957fe9f24d08033cf6e29d7e202e04bfb579577d3850a99e97da6b70924ae88e" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: 
@@ -264695,11 +265143,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Evasion : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/DissectMalware/status/1176736510856634368" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L181-L198" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L181-L198" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c4fafae6af3ed5cc2e83e30427107d1c42cc4bc86d5c6a60e26953a11847029f" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: @@ -264719,11 +265167,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Lolcommand : FILE date = "2019-09-27" modified = "2021-02-14" reference = "https://twitter.com/ItsReallyNick/status/1176601500069576704" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L201-L219" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L201-L219" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4ac9a555e61303a173443de2a189536c8ea0fc32ee73c589dd104275c7967c57" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: 
@@ -264743,11 +265191,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Webdav : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176243536754282497" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L222-L239" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L222-L239" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4fec084392140245eeb25bb512f3a4631ec6be08c197ec130a907fc118161197" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: @@ -264767,11 +265215,11 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Scripturl : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L241-L259" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L241-L259" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ece0013dbc9836fa800f99a10ab46c1eb081e1c04fe45fe17be26ffac1d464e9" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: 
@@ -264791,8 +265239,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Workingdirremote_HTTP : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L261-L278" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L261-L278" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c7c23c1253bf089519dec5f141f486425c6804640d9bffac9ce4c986ce25d323" score = 50 quality = 85 @@ -264815,8 +265263,8 @@ rule SIGNATURE_BASE_Methodology_Suspicious_Shortcut_Workingdirremote_SMB : FILE date = "2019-09-27" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1176184798248919044" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_persitence.yar#L280-L297" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_persitence.yar#L280-L297" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5d9caa64ac730d34a2dcfb3368f8302849275b6ee16fe31f20978d72382b0d73" score = 50 quality = 85 
@@ -264839,8 +265287,8 @@ rule SIGNATURE_BASE_Royalroad_Code_Pattern1 : FILE date = "2020-01-15" modified = "2023-12-05" reference = "https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_8_koike-nakajima_jp.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_royalroad.yar#L25-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_royalroad.yar#L25-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ebd507d95c454562fa0b364072120b35b1bf8dd2be129a419d893f6708ab9cca" score = 80 quality = 85 @@ -264862,8 +265310,8 @@ rule SIGNATURE_BASE_Royalroad_Code_Pattern2 : FILE date = "2020-01-15" modified = "2023-12-05" reference = "https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_8_koike-nakajima_jp.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_royalroad.yar#L42-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_royalroad.yar#L42-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e252868042e5150d99de2c2f4642f3d91d764d5a062f3a8de9ab316e299e00ac" score = 80 quality = 85 
@@ -264885,8 +265333,8 @@ rule SIGNATURE_BASE_Royalroad_Code_Pattern3 : FILE date = "2020-01-15" modified = "2023-12-05" reference = "https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_8_koike-nakajima_jp.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_royalroad.yar#L59-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_royalroad.yar#L59-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3b5d9872eb86d1a220e5b70c560e7054bee8b2bc1fa2a75781d87616674e2927" score = 80 quality = 85 @@ -264908,8 +265356,8 @@ rule SIGNATURE_BASE_Royalroad_Code_Pattern4Ab : FILE date = "2020-01-15" modified = "2023-12-05" reference = "https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_8_koike-nakajima_jp.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_royalroad.yar#L77-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_royalroad.yar#L77-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dd9468b3208a27b6f3b56037013f06c4d2adbd201a12df141bc980ad595a75c0" score = 80 quality = 85 
@@ -264931,8 +265379,8 @@ rule SIGNATURE_BASE_Royalroad_Code_Pattern4Ce : FILE date = "2020-01-15" modified = "2023-12-05" reference = "https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_8_koike-nakajima_jp.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_royalroad.yar#L94-L109" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_royalroad.yar#L94-L109" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7033c5874b406341a68f761b45fd6a9b73a9875c80b14d52a7c2240202c8fb40" score = 80 quality = 85 @@ -264954,8 +265402,8 @@ rule SIGNATURE_BASE_Royalroad_Code_Pattern4D : FILE date = "2020-01-15" modified = "2023-12-05" reference = "https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_8_koike-nakajima_jp.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_royalroad.yar#L113-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_royalroad.yar#L113-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9b531063d2a5ae36ae4e708a749dcf2cdc4c85fc43769a8525049e6facfca674" score = 80 quality = 85 
@@ -264977,8 +265425,8 @@ rule SIGNATURE_BASE_Royalroad_RTF : FILE date = "2020-01-15" modified = "2023-12-05" reference = "https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_8_koike-nakajima_jp.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_royalroad.yar#L133-L148" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_royalroad.yar#L133-L148" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "20031fe6d6a0b2fad43f7e04bb82321c2ea75193f23194edead7ca530af8ac55" score = 80 quality = 85 @@ -265000,8 +265448,8 @@ rule SIGNATURE_BASE_Royalroad_RTF_V7 : FILE date = "2020-01-15" modified = "2023-12-05" reference = "https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_8_koike-nakajima_jp.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_royalroad.yar#L150-L166" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_royalroad.yar#L150-L166" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "da043123cf72e19295634720196d78bef3af89f44cba795dbbcee4c0f5c8159a" score = 60 quality = 85 
@@ -265024,8 +265472,8 @@ rule SIGNATURE_BASE_Royalroad_Encode_In_RTF : FILE date = "2020-01-15" modified = "2023-12-05" reference = "https://jsac.jpcert.or.jp/archive/2020/pdf/JSAC2020_8_koike-nakajima_jp.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_royalroad.yar#L168-L189" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_royalroad.yar#L168-L189" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "00a703a0d7b3a74ec9bfc8ad0e570ee04b3cb6b7f2c062cc2886b41f6fbea49d" score = 60 quality = 85 @@ -265055,8 +265503,8 @@ rule SIGNATURE_BASE_SUSP_Fake_AMSI_DLL_Jun23_1 : FILE date = "2023-06-07" modified = "2023-06-12" reference = "https://twitter.com/eversinc33/status/1666121784192581633?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_fake_amsi_dll.yar#L3-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_fake_amsi_dll.yar#L3-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ec3db233ab22144bc65614b45bb894a7ea5a4fd40ccb603e6e52cc1b9ff8805b" score = 65 quality = 85 
@@ -265083,8 +265531,8 @@ rule SIGNATURE_BASE_Glassrat date = "2015-11-03" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_glassRAT.yar#L8-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_glassRAT.yar#L8-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "939d2cb11ff414641f68b2913fe8d24458e1fd7ba450b8781072bb10da3ad039" score = 75 quality = 85 @@ -265115,8 +265563,8 @@ rule SIGNATURE_BASE_Glassrat_Generic : FILE date = "2015-11-23" modified = "2023-12-05" reference = "https://blogs.rsa.com/peering-into-glassrat/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_glassRAT.yar#L45-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_glassRAT.yar#L45-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fdd309c403e53bfa80340c1334f90fd5ef5f4618737b19069a07f7aa63aeb23d" score = 80 quality = 85 
@@ -265152,8 +265600,8 @@ rule SIGNATURE_BASE_Cobaltstrike_Resources_Beacon_Dll_V3_8_1 date = "2022-11-18" modified = "2023-12-05" reference = "https://cloud.google.com/blog/products/identity-security/making-cobalt-strike-harder-for-threat-actors-to-abuse" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_gcti_cobaltstrike.yar#L1020-L1061" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_gcti_cobaltstrike.yar#L1020-L1061" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "67b6557f614af118a4c409c992c0d9a0cc800025f77861ecf1f3bbc7c293d603" logic_hash = "cde078a6ae7d0d835900e85498cf5ae20663ba8d5d3f912810e157261561e16a" score = 75 @@ -265180,8 +265628,8 @@ rule SIGNATURE_BASE_CVE_2015_1674_CNGSYS : CVE_2015_1674 FILE date = "2015-05-14" modified = "2023-12-05" reference = "http://www.binvul.com/viewthread.php?tid=508" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2015_1674.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2015_1674.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "af4eb2a275f6bbc2bfeef656642ede9ce04fad36" logic_hash = "d751ef739a6fb8b0871f92cb4aba21544f444944710407c723f0452dc3b85522" score = 75 
@@ -265208,8 +265656,8 @@ rule SIGNATURE_BASE_Plugx_J16_Gen : FILE date = "2016-06-08" modified = "2023-12-05" reference = "VT Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_win_plugx.yar#L10-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_win_plugx.yar#L10-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3e988243663264b2647e098e36b83dd675141fa9765c9bd47c30f29bf176cd8f" score = 75 quality = 85 @@ -265248,8 +265696,8 @@ rule SIGNATURE_BASE_Plugx_J16_Gen2 : FILE date = "2016-06-08" modified = "2023-12-05" reference = "VT Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_win_plugx.yar#L42-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_win_plugx.yar#L42-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8fbe90cbff5d408d26b0a5ace6833a0e3100d11ff544184d9ccc2f39ee806de9" score = 75 quality = 85 
@@ -265279,8 +265727,8 @@ rule SIGNATURE_BASE_APT_CN_MAL_Reddelta_Shellcode_Loader_Oct20_1 : FILE date = "2020-10-14" modified = "2023-12-05" reference = "https://twitter.com/JAMESWT_MHT/status/1316387482708119556" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_reddelta.yar#L2-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_reddelta.yar#L2-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1f2406563b863b8ccd0fd8d8d33c576c4b82dabb55a1e4fa8291859323389834" score = 75 quality = 85 @@ -265313,8 +265761,8 @@ rule SIGNATURE_BASE_APT_CN_MAL_Reddelta_Shellcode_Loader_Oct20_2 : FILE date = "2020-10-14" modified = "2023-12-05" reference = "https://twitter.com/JAMESWT_MHT/status/1316387482708119556" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_reddelta.yar#L31-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_reddelta.yar#L31-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "179265c0b2175bc3d2d581a69e50e9b8b9cc918a6fdc7bcef42fb163c49b077a" score = 75 quality = 85 
@@ -265346,8 +265794,8 @@ rule SIGNATURE_BASE_APT_CN_MAL_Reddelta_Shellcode_Loader_Oct20_3 : FILE date = "2020-10-14" modified = "2022-12-21" reference = "https://twitter.com/JAMESWT_MHT/status/1316387482708119556" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_reddelta.yar#L59-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_reddelta.yar#L59-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "64402f6265f23abf7d6a711aa888c89386c1a754f12286b0efe5fd5d81f15b01" score = 75 quality = 85 @@ -265373,8 +265821,8 @@ rule SIGNATURE_BASE_Lokibot_Dropper_Scancopypdf_Feb18 : FILE date = "2018-02-14" modified = "2023-12-05" reference = "https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_loki_bot.yar#L11-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_loki_bot.yar#L11-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b9f10a09d91c10731e34dc88f87104693cdc794ddc3c63ee382f976d0a75f30f" score = 75 quality = 85 
@@ -265401,8 +265849,8 @@ rule SIGNATURE_BASE_Lokibot_Dropper_Packed_R11_Feb18 : FILE date = "2018-02-14" modified = "2023-12-05" reference = "https://app.any.run/tasks/401df4d9-098b-4fd0-86e0-7a52ce6ddbf5" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_loki_bot.yar#L33-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_loki_bot.yar#L33-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9ca39cac8dcbbbe1697ef96bde60c522bb9cc190c208483220aa96bc672f325a" score = 75 quality = 85 @@ -265426,8 +265874,8 @@ rule SIGNATURE_BASE_MAL_Nitol_Malware_Jan19_1 : FILE date = "2019-01-14" modified = "2023-12-05" reference = "https://twitter.com/shotgunner101/status/1084602413691166721" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mal_nitol.yar#L4-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mal_nitol.yar#L4-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4607496beb37500637c1e5509b42c0fe6f9e79548c85603819dc966fa2cc2be0" score = 75 quality = 85 
@@ -265457,8 +265905,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Fakefilemaker : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/FakeFileMaker" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L3-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L3-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "27d402835f31b6383c837e90248ae5c6d22f4c267d52625ebfbcc2ee5099ccad" score = 75 quality = 85 @@ -265481,8 +265929,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Wmipersistence : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/mdsecactivebreach/WMIPersistence" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L18-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L18-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f8f5e1b6d9b9e8e2f76a7e02385142bbeb755d1b1e41e501f4f74fcaba0a7dad" score = 75 quality = 85 
@@ -265505,8 +265953,8 @@ rule SIGNATURE_BASE_HKTL_NET_Adcollector_Sep22_1 : FILE date = "2022-09-15" modified = "2024-12-10" reference = "https://github.com/dev-2null/ADCollector" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L55-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L55-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "66d5363e885378c442e7532f69d4c36618d7a0f5dbe67490631d1ed5078d3fba" score = 75 quality = 85 @@ -265534,8 +265982,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Maliciousclickoncegenerator : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Mr-Un1k0d3r/MaliciousClickOnceGenerator" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L77-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L77-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "91e5878d49ad9af5420d4e29afaa600337fb8051951598a997cd74d72c884206" score = 75 quality = 85 
@@ -265558,8 +266006,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Directinjectorpoc : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/badBounty/directInjectorPOC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L92-L105" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L92-L105" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ffdc5694668af6c82b493403373d2e2e915e45bca8d58ec1ab41c5a8bd28d781" score = 75 quality = 85 @@ -265582,8 +266030,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Asstrongasfuck : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Charterino/AsStrongAsFuck" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L107-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L107-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4765f2099bf8fa8ebccd8cdcc561354f4aeba28c2473fd8556f1ef1d5d28dadd" score = 75 quality = 85 
@@ -265606,8 +266054,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Magentoscanner : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/soufianetahiri/MagentoScanner" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L122-L135" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L122-L135" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "245dce3be07c8e84dfcd2cdb2d9f24406a9b11b437e74969f1472a6ee149fd9c" score = 75 quality = 85 @@ -265630,8 +266078,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Revengerat_Stub_Cssharp : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/NYAN-x-CAT/RevengeRAT-Stub-CSsharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L137-L150" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L137-L150" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a3bd1f8e52e6ed468b6a4fea83456ca813b69e2d676dfab687bbea5a746fed3c" score = 75 quality = 85 
@@ -265654,8 +266102,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpyshell : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/antonioCoco/SharPyShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L152-L165" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L152-L165" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "89d0010c08349f8982c7f5aa5f7855702556ce10f9f3b5b18b61349c5233e001" score = 75 quality = 85 @@ -265678,8 +266126,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Ghostloader : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/TheWover/GhostLoader" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L167-L180" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L167-L180" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "91527b4b35f2bb1aeee236647c5169c67f2b9cfb867f2b6d486bd8d8b7455d4b" score = 75 quality = 85 
@@ -265702,8 +266150,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Dotnetinject : FILE date = "2021-01-22" modified = "2022-06-28" reference = "https://github.com/dtrizna/DotNetInject" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L182-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L182-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "07ba4ba23372dbc2618dcea89ef643cd68371ace1116bfeb939b0f9adfc425bb" score = 75 quality = 85 @@ -265728,8 +266176,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Atpminidump : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/b4rtik/ATPMiniDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L204-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L204-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7498ed5d11b9c3646ebd2d1330a239c43e9c5b270b1778871c2821a2fefb5137" score = 75 quality = 85 
@@ -265752,8 +266200,8 @@ rule SIGNATURE_BASE_SUSP_NET_NAME_Confuserex : FILE date = "2021-01-22" modified = "2021-01-25" reference = "https://github.com/yck1509/ConfuserEx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L219-L234" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L219-L234" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "beecb7b66830a033e2048da246d320c1ffc5015b280b34fb61aee87c8a42fff3" score = 40 quality = 85 @@ -265776,8 +266224,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpbuster : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/passthehashbrowns/SharpBuster" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L236-L249" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L236-L249" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cdc19e03f75f34e6349937c0bff313298fc9310f361eec7af022c450d083ad96" score = 75 quality = 85 
@@ -265800,8 +266248,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Amsibypass : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/0xB455/AmsiBypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L251-L269" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L251-L269" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8fa4ba512b34a898c4564a8eac254b6a786d195b" logic_hash = "f93b1014c7e26462fbbd3cd572cfa21a09c5da915a9a51d3e58a46a2b9b7cfe4" score = 75 @@ -265826,8 +266274,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Recon_AD : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/outflanknl/Recon-AD" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L271-L284" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L271-L284" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7bfafb2d3e85bb584bd02cb92457d22b07626f71d071c44a4aefbb5748045446" score = 75 quality = 85 
@@ -265850,8 +266298,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpwatchdogs : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/RITRedteam/SharpWatchdogs" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L286-L299" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L286-L299" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3b9410d7e502a5fd55e534d8fe79710d48cf65a0e9859bdd0fea6c8d32311df0" score = 75 quality = 85 @@ -265874,8 +266322,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpcat : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Cn33liz/SharpCat" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L301-L314" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L301-L314" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b9e5946f8df1649e71abf014aa6579edbbc93a12ddcc56f8d85d97ae087c8711" score = 75 quality = 85 
@@ -265898,8 +266346,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_K8Tools : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/k8gege/K8tools" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L316-L329" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L316-L329" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "370cab83917bbc76f7f3a1b7793773ddf139879880e55efe59c72a07b34120f1" score = 75 quality = 85 @@ -265922,8 +266370,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Httpsbeaconshell : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/limbenjamin/HTTPSBeaconShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L331-L344" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L331-L344" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6a0d7e1f796ae6cefa297978c743916a08b2406c37fa2c1f3f697a17cb032517" score = 75 quality = 85 
@@ -265946,8 +266394,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Ghostpack_Compiledbinaries : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/r3motecontrol/Ghostpack-CompiledBinaries" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L346-L359" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L346-L359" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a8e90f07b7d1ec309e51e3606169a05c4bb2b2aa7e31ca26b21f927d648c13cd" score = 75 quality = 85 @@ -265970,8 +266418,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Metasploit_Sharp : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/VolatileMindsLLC/metasploit-sharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L361-L374" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L361-L374" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7a1c4e077e197a5cdca8cb12713abb3fa86a3f6ea8e8f2f632c9c8e42d829acc" score = 75 quality = 85 
@@ -265994,8 +266442,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Trevorc2 : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/trustedsec/trevorc2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L376-L389" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L376-L389" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c1d56ef865e6619d9d0deff90b154c63cc3036a8521d3952819e45f51fca9fea" score = 75 quality = 85 @@ -266018,8 +266466,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_DNS2 : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/NativePayload_DNS2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L391-L404" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L391-L404" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "765e6117f69fb58e5e71544badc8135b2ec641a74cc0489a7c79308ca2837bd7" score = 75 quality = 85 
@@ -266042,8 +266490,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Aggressiveproxy : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/EncodeGroup/AggressiveProxy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L406-L419" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L406-L419" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "702b0cc858cb1687962ac403a730e5f778bf51fc91627c50103e4299f4a3ca5f" score = 75 quality = 85 @@ -266066,8 +266514,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Msbuildapicaller : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/rvrsh3ll/MSBuildAPICaller" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L421-L434" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L421-L434" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3c1f33c759e6331c562dbf76ce7e34ee82d10070e331d0967143d9d7fad077fc" score = 75 quality = 85 
@@ -266090,8 +266538,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Graykeylogger : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DarkSecDevelopers/GrayKeylogger" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L436-L449" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L436-L449" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b8e12c5ddf0d50d0b3681594c8bc3410a24dab00035a5959e20d20045dacbbbd" score = 75 quality = 85 @@ -266114,8 +266562,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Weevely3 : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/epinna/weevely3" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L451-L464" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L451-L464" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c57c6ba5276679a2d32e9b0ebb61059c5bed1ba45f9792ecef3d5c7244f38f24" score = 75 quality = 85 
@@ -266138,8 +266586,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Fudgec2 : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Ziconius/FudgeC2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L466-L479" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L466-L479" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "89f3bf4b81a901e813c3021422c362d7e075dec7fd76240be121f677039f1994" score = 75 quality = 85 @@ -266162,8 +266610,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_Reverse_Tcp : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/NativePayload_Reverse_tcp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L481-L494" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L481-L494" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "055ee105cd46e54b4f49dd92975ecc08a6184fa8508585ee528d19de34914758" score = 75 quality = 85 
@@ -266186,8 +266634,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharphose : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/ustayready/SharpHose" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L496-L509" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L496-L509" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e3af2a156c2451f7ed2fe3e888fdf2ae080298f7eff56801ddc0c612f04902ee" score = 75 quality = 85 @@ -266210,8 +266658,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_RAT_Njrat_0_7D_Modded_Source_Code : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/AliBawazeEer/RAT-NjRat-0.7d-modded-source-code" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L511-L524" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L511-L524" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f437195348452242adc8b55d6d517a17764c53188fa2de5cd15848fd23827381" score = 75 quality = 85 
@@ -266234,8 +266682,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Rdpthief : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/0x09AL/RdpThief" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L526-L539" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L526-L539" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8e472c8265d517e512eada819627d56ff449fae4d80054946e9ea96f74004f05" score = 75 quality = 85 @@ -266258,8 +266706,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Runascs : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/antonioCoco/RunasCs" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L541-L554" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L541-L554" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9fd22a3e92222134c101693b944a2ad53055f9cfafe99823fd6f412981f5afa3" score = 75 quality = 85 
@@ -266282,8 +266730,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_IP6DNS : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/NativePayload_IP6DNS" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L556-L569" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L556-L569" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "509c396b97524335735107644460eebed3146b2bc5f8dedb909c9754b2121f5f" score = 75 quality = 85 @@ -266306,8 +266754,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_ARP : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/NativePayload_ARP" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L571-L584" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L571-L584" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e8cecfe09f1cb80eb693eb293dfb8c1bc3885a96dfa045b2391216c5f6f6f983" score = 75 quality = 85 
@@ -266330,8 +266778,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_C2Bridge : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/cobbr/C2Bridge" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L586-L599" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L586-L599" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d5f6d6e9d475bf2d8a49d7550bf3b718539753f3494b58462094bfc0a37b813a" score = 75 quality = 85 @@ -266354,8 +266802,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Infrastructure_Assessment : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/NyaMeeEain/Infrastructure-Assessment" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L601-L614" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L601-L614" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7b2f1481c2880b5b3ee158f2a526ab7fc5e587bbf3847ebe9ddf447742109a78" score = 75 quality = 85 
@@ -266378,8 +266826,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Shellcodetester : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/tophertimzen/shellcodeTester" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L616-L629" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L616-L629" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3101b62428eba5e36572a190bd3a11f59cf9cca10aec3cfe3000028f1b1f0a3f" score = 50 quality = 85 @@ -266402,8 +266850,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Gray_Hat_Csharp_Code : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/brandonprry/gray_hat_csharp_code" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L631-L644" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L631-L644" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4520528cd6b1832c97fa79442f9d448d54bad4e6944984fa6e71f34246259e28" score = 75 quality = 85 
@@ -266426,8 +266874,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Nativepayload_Reverseshell : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/DamonMohammadbagher/NativePayload_ReverseShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L646-L659" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L646-L659" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "79ebde95674d76e58938b06a97cb6c65e6ac0606398fc9c30d90e517bbdd62a8" score = 75 quality = 85 @@ -266450,8 +266898,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Dotnetavbypass : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/mandreko/DotNetAVBypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L661-L674" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L661-L674" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "574a5f1bc1873321042e932ddfd53853e8e06dff3b25f2ad41e6b8aaf150a8b2" score = 75 quality = 85 
@@ -266474,8 +266922,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Hexyrunner : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/bao7uo/HexyRunner" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L676-L689" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L676-L689" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c55be1fe285358378a98fd1027650dd20dd8cd0aad4dc062df7a0d4538c78c3b" score = 75 quality = 85 @@ -266498,8 +266946,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Sharpoffensiveshell : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/darkr4y/SharpOffensiveShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L691-L704" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L691-L704" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "36bcae7817eed375e48822a49e6875295ea1037217231a7f9ae88a9b8af95530" score = 75 quality = 85 
@@ -266522,8 +266970,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Reconness : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/reconness/reconness" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L706-L719" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L706-L719" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9cb7a3522bada1c724999058ec4ddfde09b22166f8fb3ba184dfe6bec276cfc5" score = 75 quality = 85 @@ -266546,8 +266994,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Tvasion : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/loadenmb/tvasion" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L721-L734" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L721-L734" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b6262f751cbb85e702d89e7c5b4efdc8eaf3085101cd7685218ab1e8a2599385" score = 75 quality = 85 
@@ -266570,8 +267018,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Ibombshell : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Telefonica/ibombshell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L736-L749" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L736-L749" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "30de65328e2e2230eca3a30490e20c2c6d8ac9bdc835ee15d44300a00b801921" score = 75 quality = 85 @@ -266594,8 +267042,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Remoteprocessinjection : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/Mr-Un1k0d3r/RemoteProcessInjection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L751-L764" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L751-L764" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "87d803c361462877f5ebba2a70f611c95b8684fe9f9f747ccf9643fc4e97d9df" score = 75 quality = 85 
@@ -266618,8 +267066,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_CACTUSTORCH : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/mdsecactivebreach/CACTUSTORCH" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L766-L779" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L766-L779" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "51a125a44b5d1e73509bcd29865b26f44a5ee53f6907ee9abffa3eef1bbbdea8" score = 75 quality = 85 @@ -266642,8 +267090,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Pandasniper : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/QAX-A-Team/PandaSniper" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L781-L794" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L781-L794" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c5a32f22a429777186d88f3fcfa79ad4d971e86ebd6117df74aae19728c6addd" score = 75 quality = 85 
@@ -266666,8 +267114,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Xbapappwhitelistbypasspoc : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/jpginc/xbapAppWhitelistBypassPOC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L796-L809" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L796-L809" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3c79b70d3a72084dff391ba297518c4fe748d35b794278c4edf2d1faa4bd216e" score = 75 quality = 85 @@ -266690,8 +267138,8 @@ rule SIGNATURE_BASE_HKTL_NET_NAME_Stagestrike : FILE date = "2021-01-22" modified = "2024-12-10" reference = "https://github.com/RedXRanger/StageStrike" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_names.yar#L811-L824" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_names.yar#L811-L824" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "99abc2fee732f27ea94c8ce244dc1742ed01a7753adedd7e80226d1e1c8dee4a" score = 75 quality = 85 
@@ -266714,8 +267162,8 @@ rule SIGNATURE_BASE_MAL_DOC_Zloader_Oct20_1 : FILE date = "2020-10-10" modified = "2023-12-05" reference = "https://twitter.com/JohnLaTwC/status/1314602421977452544" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_zloader_maldocs.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_zloader_maldocs.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6f546a860361d3caff99c282465dbbd1880460c7491a1b5ad065c1b5d91e5d49" score = 75 quality = 85 @@ -266743,8 +267191,8 @@ rule SIGNATURE_BASE_VULN_PHP_Hack_Backdoored_Zlib_Zerodium_Mar21_1 : FILE date = "2021-03-29" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vul_php_zlib_backdoor.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vul_php_zlib_backdoor.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "74bfd9e12cb7671cde953d361a2adeb9388edd9b2aab0f9ce04dce0d433561dc" score = 75 quality = 85 
@@ -266766,8 +267214,8 @@ rule SIGNATURE_BASE_MAL_Passwordstate_Moserware_Backdoor_Apr21_1 : FILE date = "2021-04-25" modified = "2023-12-05" reference = "https://thehackernews.com/2021/04/passwordstate-password-manager-update.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_passwordstate_backdoor.yar#L1-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_passwordstate_backdoor.yar#L1-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "46bf5b7f4f75997535742021d1d5c2129daae0b3836c08383058e5e5b8e27d93" score = 75 quality = 85 @@ -266796,8 +267244,8 @@ rule SIGNATURE_BASE_Generic_Dropper : FILE date = "2018-03-03" modified = "2023-12-05" reference = "https://goo.gl/JAHZVL" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_dropper_pdb.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_dropper_pdb.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e4ef83796d232edf34a6339e00db486612a88ff2d054f1afcd524def2e53b3b7" score = 75 quality = 85 
@@ -266822,8 +267270,8 @@ rule SIGNATURE_BASE_MAL_Crime_Win32_Rat_Parallax_Shell_Bin : FILE date = "2020-05-05" modified = "2023-12-05" reference = "https://twitter.com/VK_Intel/status/1257714191902937088" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_rat_parallax.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_rat_parallax.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6b8c71cc19ca6f066d27a4e58d9ec347ac51d245308f2c41adf2386242581610" score = 75 quality = 85 @@ -266847,8 +267295,8 @@ rule SIGNATURE_BASE_EXPL_Cleo_Exploitation_Log_Indicators_Dec24 : SCRIPT date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a7e6713a08d7cce00cffba8daa12b251ccc12dc8d5a5f38d568bd5054e3783a2" score = 75 quality = 85 
@@ -266871,8 +267319,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_Cleo_Exploitation_Log_Indicators_Dec24_1 : FILE date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L18-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L18-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "481ddd570d0292036b421223ce0f839ece86cc1a97aa226a8b9fbd1d63905d1b" score = 75 quality = 83 @@ -266912,8 +267360,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_Cleo_Exploitation_Log_Indicators_Dec24_2 : FILE date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L54-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L54-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8debaf2c85ea63501b7a3c2ff8af7a8484f4d6097e073645d808cbd50ef1511a" score = 70 quality = 85 
@@ -266953,8 +267401,8 @@ rule SIGNATURE_BASE_EXPL_Cleo_Exploitation_XML_Indicators_Dec24 : FILE date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L91-L109" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L91-L109" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "21c11c3e0c0ffea89e24b9c002b6112a46b4dc7c2c4f1f5dc9803758a68efc36" score = 70 quality = 85 @@ -266977,8 +267425,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_Cleo_Exploitation_XML_Indicators_Dec24_1 : FILE date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L112-L146" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L112-L146" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c9be15aec57fdde62815ee04daa5616940ab7949784d382a4825dce9f1e28568" score = 70 quality = 83 
@@ -267018,8 +267466,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_Cleo_Exploitation_XML_Indicators_Dec24_2 : FILE date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L148-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L148-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "60e53c8d99fde8c48bff67408605aa69c3c1fe3040ba4f9d2080980df970aa93" score = 70 quality = 85 @@ -267059,8 +267507,8 @@ rule SIGNATURE_BASE_EXPL_Cleo_Exploitation_PS1_Indicators_Dec24 : SCRIPT date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L185-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L185-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "87dcd0aa3c16d8948514b1d8589d38c6cc73bf7e6262f4517659cead16fedd3d" score = 75 quality = 85 
@@ -267085,8 +267533,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_JAR_Indicators_Dec24 : FILE date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L204-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L204-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8b87e7000ab5d9759f55660a085bf0f3dddb46ad1ea411cbbabce1000105ee9e" score = 70 quality = 85 @@ -267111,8 +267559,8 @@ rule SIGNATURE_BASE_EXPL_Cleo_Exploitation_JAVA_Payloads_Dec24_1_1 : FILE date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L224-L245" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L224-L245" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "85600e9310e502b3b2135f2f3cf698ae54fe362047cdf9d378dcc107e0c2fa18" score = 75 quality = 85 
@@ -267138,8 +267586,8 @@ rule SIGNATURE_BASE_EXPL_Cleo_Exploitation_JAVA_Payloads_Dec24_2 : FILE date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L247-L265" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L247-L265" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2bb5eace09b832bf3ce296484f473c9c56f97b881ea17838408be6000cc6fcb1" score = 75 quality = 85 @@ -267164,8 +267612,8 @@ rule SIGNATURE_BASE_EXPL_Cleo_Exploitation_JAVA_Payloads_Dec24_3 : FILE date = "2024-12-10" modified = "2024-12-12" reference = "https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cleo_dec24.yar#L267-L286" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cleo_dec24.yar#L267-L286" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "64a6194110d4eb359cc3f15137cf752d598f2f0a52ac181fcaa358bf40072f54" score = 75 quality = 85 
@@ -267191,8 +267639,8 @@ rule SIGNATURE_BASE_APT_RU_APT27_Hyperbro_Vftrace_Loader_Jan22_1 : FILE date = "2022-01-14" modified = "2023-12-05" reference = "https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2022-01-bfv-cyber-brief.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt27_hyperbro.yar#L3-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt27_hyperbro.yar#L3-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d8785ea937891636bea5ed8128de44fa6084a1a48800c1586739c5ca9e4c43bd" score = 75 quality = 85 @@ -267216,8 +267664,8 @@ rule SIGNATURE_BASE_APT_CN_APT27_Compromised_Certficate_Jan22_1 date = "2022-01-29" modified = "2023-12-05" reference = "https://www.verfassungsschutz.de/SharedDocs/publikationen/DE/cyberabwehr/2022-01-bfv-cyber-brief.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt27_hyperbro.yar#L21-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt27_hyperbro.yar#L21-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "94a40d55936fc341eaba5e1accc8bfe3a401114298e7a3cc4d5c64af36eadf9e" score = 80 quality = 85 
@@ -267235,8 +267683,8 @@ rule SIGNATURE_BASE_Hvs_APT27_Hyperbro_Decrypted_Stage2 : FILE date = "2022-02-07" modified = "2023-12-05" reference = "https://www.hvs-consulting.de/en/threat-intelligence-report-emissary-panda-apt27" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt27_hyperbro.yar#L35-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt27_hyperbro.yar#L35-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6eb56c4a92e89977e536ccc3c70170062aca072c6981b40aeea184ea2ca461a6" score = 75 quality = 85 @@ -267264,8 +267712,8 @@ rule SIGNATURE_BASE_Hvs_APT27_Hyperbro_Stage3 : FILE date = "2022-02-07" modified = "2023-01-07" reference = "https://www.hvs-consulting.de/en/threat-intelligence-report-emissary-panda-apt27" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt27_hyperbro.yar#L59-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt27_hyperbro.yar#L59-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "49c1e70d63d93244b4b44525f2b30c05512b5f3a30d6d7c43c9366a95c84e79b" score = 50 quality = 85 
@@ -267296,8 +267744,8 @@ rule SIGNATURE_BASE_Hvs_APT27_Hyperbro_Stage3_C2 date = "2022-02-07" modified = "2023-12-05" reference = "https://www.hvs-consulting.de/en/threat-intelligence-report-emissary-panda-apt27" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt27_hyperbro.yar#L86-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt27_hyperbro.yar#L86-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "676df1eaa782c6b876df138a0ddddc3c63e277b84d4414b044314ee219674420" score = 50 quality = 81 @@ -267320,8 +267768,8 @@ rule SIGNATURE_BASE_Hvs_APT27_Hyperbro_Stage3_Persistence date = "2022-02-07" modified = "2023-12-05" reference = "https://www.hvs-consulting.de/en/threat-intelligence-report-emissary-panda-apt27" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt27_hyperbro.yar#L103-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt27_hyperbro.yar#L103-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "db4b7be2bafe29b5e7c81a90e17a660cf73cff1c2e8edd04a9421daba09e3e0e" score = 75 quality = 85 
@@ -267344,8 +267792,8 @@ rule SIGNATURE_BASE_Hvs_APT27_Hyperbro_Encrypted_Stage2 : FILE date = "2022-02-07" modified = "2023-12-05" reference = "https://www.hvs-consulting.de/en/threat-intelligence-report-emissary-panda-apt27" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt27_hyperbro.yar#L120-L389" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt27_hyperbro.yar#L120-L389" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c3b07bdb19730fc9c8cca8aa7581a32eb80e3dbc5c4d366fbb2f9966081c1a21" score = 75 quality = 60 @@ -267622,8 +268070,8 @@ rule SIGNATURE_BASE_APT_APT28_Cannon_Trojan_Nov18_1 : FILE date = "2018-11-20" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/11/unit42-sofacy-continues-global-attacks-wheels-new-cannon-trojan/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_cannon.yar#L2-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_cannon.yar#L2-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "de8c7bf80fe6209d00955c375b769a3aca138759335abb11f5086f85a4a9c367" score = 75 quality = 85 
@@ -267662,8 +268110,8 @@ rule SIGNATURE_BASE_VULN_PHP_Hack_Backdoored_Phpass_May21 : FILE date = "2022-05-24" modified = "2023-12-05" reference = "https://twitter.com/s0md3v/status/1529005758540808192" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vul_backdoor_antitheftweb.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vul_backdoor_antitheftweb.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d9669dadc698c6fa63d61857f9ada16a9303aa8bf4139bec75104f2e9f00a36a" score = 75 quality = 85 @@ -267684,8 +268132,8 @@ rule SIGNATURE_BASE_VULN_Python_Hack_Backdoored_Ctx_May21 : FILE date = "2022-05-24" modified = "2023-12-05" reference = "https://twitter.com/s0md3v/status/1529005758540808192" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vul_backdoor_antitheftweb.yar#L16-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vul_backdoor_antitheftweb.yar#L16-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f8047eb4e0420e4ec01fb038acdc4abdcc3aa4dada5ce072d20f78acac942079" score = 75 quality = 85 
@@ -267700,6 +268148,44 @@ rule SIGNATURE_BASE_VULN_Python_Hack_Backdoored_Ctx_May21 : FILE condition: filesize < 10KB and $x1 } + +rule SIGNATURE_BASE_MAL_CRIME_RAT_WIN_PE_Godrat_Aug25 : GODRAT RAT WINDOWS GH0ST_RAT GETGOD FILE +{ + meta: + description = "Detects GodRAT malware targeting Windows systems" + author = "Arda Buyukkaya" + id = "94cb826c-81f9-5254-ad23-71efc21f403d" + date = "2025-08-23" + modified = "2025-09-09" + reference = "https://securelist.com/godrat/117119/" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_crime_win_pe_godrat_aug25.yar#L4-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" + hash = "154e800ed1719dbdcb188c00d5822444717c2a89017f2d12b8511eeeda0c2f41" + logic_hash = "eda3175277bbf9f6408f5d2dd25d6780552aad4104fe62bb92125c734f9fdd98" + score = 75 + quality = 83 + tags = "GODRAT, RAT, WINDOWS, GH0ST RAT, GETGOD, FILE" + family = "GodRAT" + victims = "Financial services" + + strings: + $winrt_txt = "C++/WinRT version" ascii wide nocase + $api_blob = { + 4E 74 43 72 65 61 74 65 53 65 63 74 69 6F 6E 00 // NtCreateSection + 4E 74 4D 61 70 56 69 65 77 4F 66 53 65 63 74 69 6F 6E 00 00 // NtMapViewOfSection + 4E 74 55 6E 6D 61 70 56 69 65 77 4F 66 53 65 63 74 69 6F 6E 00 00 00 00 // NtUnmapViewOfSection + } + $ld_movups = { 0F 10 05 ?? ?? ?? ?? } + $ld_movq = { F3 0F 7E 05 ?? ?? ?? ?? } + $st_movups = { 0F 11 85 ?? ?? ?? ?? } + $st_movq = { 66 0F D6 85 ?? ?? ?? ?? } + $scan_loop = { 8A 01 41 84 C0 75 F9 } + $cmp_len_770 = { 81 FF 70 07 00 00 0F 82 ?? ?? ?? ?? } + $cmp_len_76C = { 81 FF 6C 07 00 00 0F 82 ?? ?? ?? ?? 
} + + condition: + pe.is_pe and filesize <= 10MB and ( ( $winrt_txt and ( pe.imphash ( ) == "0f4b0270c84616ce594b6a84c47a7717" ) ) or ( ( $ld_movups or $ld_movq ) and ( ( #st_movups >= 2 ) or ( #st_movq >= 2 ) or ( #st_movups >= 1 and #st_movq >= 1 ) ) and $scan_loop and $api_blob and ( $cmp_len_770 or $cmp_len_76C ) ) or pe.imphash ( ) == "ee5ea868d8233000216e7b29bc8cb4e2" ) +} rule SIGNATURE_BASE_SUSP_Microsoft_7Z_SFX_Combo : FILE { meta: @@ -267709,8 +268195,8 @@ rule SIGNATURE_BASE_SUSP_Microsoft_7Z_SFX_Combo : FILE date = "2018-09-16" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_sfx_with_microsoft_copyright.yar#L1-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_sfx_with_microsoft_copyright.yar#L1-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f48887e0c1031d180e25f2d1b9e016d434f594aef283ab3af8418e86496d2eac" score = 65 quality = 85 
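Review bot: in the added SIGNATURE_BASE_MAL_CRIME_RAT_WIN_PE_Godrat_Aug25 rule the last branch of the condition, `or pe.imphash ( ) == "ee5ea868d8233000216e7b29bc8cb4e2"`, fires on imphash alone with only `pe.is_pe and filesize <= 10MB` as a guard and no string corroboration, yet the rule carries score = 75; either record in meta which sample or toolchain that imphash was taken from (meta lists only the single hash 154e800ed1719dbdcb188c00d5822444717c2a89017f2d12b8511eeeda0c2f41) or require `$api_blob` alongside it, as the middle branch already does. The first branch has the same shape: "C++/WinRT version" appears in any WinRT-based binary, so `0f4b0270c84616ce594b6a84c47a7717` is doing all the work there too. Two smaller points: the rule is a rename of the Aug23 entry (same id 94cb826c-81f9-5254-ad23-71efc21f403d and same logic_hash eda3175277bbf9f6408f5d2dd25d6780552aad4104fe62bb92125c734f9fdd98), so anything keyed on the old rule name, such as test expectations or allowlists, needs the new name; and the new source path yara/mal_crime_win_pe_godrat_aug25.yar differs from the old yara/MAL_CRIME_RAT_WIN_PE_GodRat_Aug25.yar only by case, which a checkout on a case-insensitive filesystem can silently keep under the old name, so the regeneration should be run from a case-sensitive checkout. The condition also depends on the pe module and the hunk shows no `import "pe"`, so confirm the bundle header already has it.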
@@ -267741,8 +268227,8 @@ rule SIGNATURE_BASE_SUSP_Microsoft_RAR_SFX_Combo : FILE date = "2018-09-16" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_sfx_with_microsoft_copyright.yar#L27-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_sfx_with_microsoft_copyright.yar#L27-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a0f29fcf86139a6f95b4ab0095154bd26b555f1576b5a2e263c1939bc30e3431" score = 65 quality = 85 @@ -267773,8 +268259,8 @@ rule SIGNATURE_BASE_SUSP_RAR_Single_Doc_File : FILE date = "2020-07-11" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_hunting_susp_rar.yar#L3-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_hunting_susp_rar.yar#L3-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bfc8c60c86e65e041976dac9d15c486ad99da930849bd697c869eec0a2626c38" score = 40 quality = 85 
@@ -267786,44 +268272,6 @@ rule SIGNATURE_BASE_SUSP_RAR_Single_Doc_File : FILE condition: uint16( 0 ) == 0x6152 and filesize < 4000KB and $s1 at ( uint16( 5 ) + uint16( uint16( 5 ) + 5 ) + uint16( uint16( 5 ) + uint16( uint16( 5 ) + 5 ) + 5 ) - 9 ) and ( uint16( 5 ) + uint16( uint16( 5 ) + 5 ) + uint16( uint16( 5 ) + uint16( uint16( 5 ) + 5 ) + 5 ) + uint32( uint16( 5 ) + uint16( uint16( 5 ) + 5 ) + 7 ) > filesize -8 ) } - -rule SIGNATURE_BASE_MAL_CRIME_RAT_WIN_PE_Godrat_Aug23 : GODRAT RAT WINDOWS GH0ST_RAT GETGOD FILE -{ - meta: - description = "Detects GodRAT malware targeting Windows systems" - author = "Arda Buyukkaya" - id = "94cb826c-81f9-5254-ad23-71efc21f403d" - date = "2025-08-23" - modified = "2025-08-27" - reference = "https://securelist.com/godrat/117119/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/MAL_CRIME_RAT_WIN_PE_GodRat_Aug25.yar#L4-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" - hash = "154e800ed1719dbdcb188c00d5822444717c2a89017f2d12b8511eeeda0c2f41" - logic_hash = "eda3175277bbf9f6408f5d2dd25d6780552aad4104fe62bb92125c734f9fdd98" - score = 75 - quality = 83 - tags = "GODRAT, RAT, WINDOWS, GH0ST RAT, GETGOD, FILE" - family = "GodRAT" - victims = "Financial services" - - strings: - $winrt_txt = "C++/WinRT version" ascii wide nocase - $api_blob = { - 4E 74 43 72 65 61 74 65 53 65 63 74 69 6F 6E 00 // NtCreateSection - 4E 74 4D 61 70 56 69 65 77 4F 66 53 65 63 74 69 6F 6E 00 00 // NtMapViewOfSection - 4E 74 55 6E 6D 61 70 56 69 65 77 4F 66 53 65 63 74 69 6F 6E 00 00 00 00 // NtUnmapViewOfSection - } - $ld_movups = { 0F 10 05 ?? ?? ?? ?? } - $ld_movq = { F3 0F 7E 05 ?? ?? ?? ?? } - $st_movups = { 0F 11 85 ?? ?? ?? ?? } - $st_movq = { 66 0F D6 85 ?? ?? ?? ?? } - $scan_loop = { 8A 01 41 84 C0 75 F9 } - $cmp_len_770 = { 81 FF 70 07 00 00 0F 82 ?? ?? ?? ?? } - $cmp_len_76C = { 81 FF 6C 07 00 00 0F 82 ?? ?? ?? ?? 
} - - condition: - pe.is_pe and filesize <= 10MB and ( ( $winrt_txt and ( pe.imphash ( ) == "0f4b0270c84616ce594b6a84c47a7717" ) ) or ( ( $ld_movups or $ld_movq ) and ( ( #st_movups >= 2 ) or ( #st_movq >= 2 ) or ( #st_movups >= 1 and #st_movq >= 1 ) ) and $scan_loop and $api_blob and ( $cmp_len_770 or $cmp_len_76C ) ) or pe.imphash ( ) == "ee5ea868d8233000216e7b29bc8cb4e2" ) -} rule SIGNATURE_BASE_Woolengoldfish_Sample_1 { meta: @@ -267833,8 +268281,8 @@ rule SIGNATURE_BASE_Woolengoldfish_Sample_1 date = "2015-03-25" modified = "2023-12-05" reference = "http://goo.gl/NpJpVZ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_woolengoldfish.yar#L13-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_woolengoldfish.yar#L13-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7ad0eb113bc575363a058f4bf21dbab8c8f7073a" logic_hash = "9490715a2fc7d3c742771a8211bcfb4c0a0bafba4d5de8eee5825fdabaded6af" score = 60 @@ -267858,8 +268306,8 @@ rule SIGNATURE_BASE_Woolengoldfish_Generic_1 date = "2015-03-25" modified = "2023-12-05" reference = "http://goo.gl/NpJpVZ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_woolengoldfish.yar#L30-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_woolengoldfish.yar#L30-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "79879be4f49c8830573eb4a9f958ef9060413ea8b5dd3f8f3d5816e146d3a0b7" score = 90 quality = 85 
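Review bot: this removal is the other half of the Godrat rename above; the block deleted here is identical to the one added after VULN_Python_Hack_Backdoored_Ctx_May21 except for the rule-name suffix (Aug23 to Aug25), modified (2025-08-27 to 2025-09-09), and the source_url path and range (L4-L82 to L4-L79), with logic_hash eda3175277bbf9f6408f5d2dd25d6780552aad4104fe62bb92125c734f9fdd98 unchanged, so no detection behaviour changes. Because the diff presents it as a delete plus an add rather than a move, the commit message or changelog should call it a rename so downstream consumers comparing rule sets do not report GodRAT coverage as dropped.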
@@ -267896,8 +268344,8 @@ rule SIGNATURE_BASE_Woolengoldfish_Generic_2 date = "2015-03-25" modified = "2023-12-05" reference = "http://goo.gl/NpJpVZ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_woolengoldfish.yar#L62-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_woolengoldfish.yar#L62-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "25d2ea25543b0a6330e443333f1ac7a59874631c8ee7faeb4ea6d94c62c255fc" score = 90 quality = 85 @@ -267923,8 +268371,8 @@ rule SIGNATURE_BASE_Woolengoldfish_Generic_3 date = "2015-03-25" modified = "2023-12-05" reference = "http://goo.gl/NpJpVZ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_woolengoldfish.yar#L81-L111" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_woolengoldfish.yar#L81-L111" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ac51c25ad6ef6668238fef1de50517d48e6509f57cd6dd723595777ae16d8a6c" score = 90 quality = 83 
@@ -267961,8 +268409,8 @@ rule SIGNATURE_BASE_SUSP_ELF_LNX_UPX_Compressed_File : FILE date = "2018-12-12" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_elf_file_anomalies.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_elf_file_anomalies.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0d310de1ab68bd6da9ae057c7edea0d6b24d408f85ec40c2306f1ac8a2bc2f55" score = 40 quality = 85 @@ -267987,8 +268435,8 @@ rule SIGNATURE_BASE_Foudre_Backdoor_1 : FILE date = "2017-08-01" modified = "2023-12-05" reference = "https://goo.gl/Nbqbt6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_foudre.yar#L13-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_foudre.yar#L13-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e42959162017ddf6da1d0b2950096e93e0e98c3e5f88ae28fc48e82ef98ca87b" score = 75 quality = 85 
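Review bot: the unchanged context in this Foudre_Backdoor_1 hunk (and in the Foudre_* and Woolengoldfish_* hunks around it) still carries reference = "https://goo.gl/Nbqbt6" and "http://goo.gl/NpJpVZ"; Google has deprecated the goo.gl shortener and is retiring its links, so an analyst following these references from a hit will increasingly land on nothing. Not introduced by this re-pin, but worth a follow-up upstream to replace each shortened link with the resolved report URL while the short links still resolve.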
@@ -268014,8 +268462,8 @@ rule SIGNATURE_BASE_Foudre_Backdoor_Dropper_1 : FILE date = "2017-08-01" modified = "2023-01-07" reference = "https://goo.gl/Nbqbt6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_foudre.yar#L31-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_foudre.yar#L31-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "77ae856e74ceb04e73c26154d7b4cf98ed0e1d8b9ac6ed78775becbff2473e13" score = 75 quality = 85 @@ -268044,8 +268492,8 @@ rule SIGNATURE_BASE_Foudre_Backdoor_Component_1 : FILE date = "2017-08-01" modified = "2023-01-07" reference = "https://goo.gl/Nbqbt6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_foudre.yar#L53-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_foudre.yar#L53-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2eb267ab93c297101aef0cfcca78d0299ca7baa96b983a5f2ff547394cbac82d" score = 75 quality = 85 
@@ -268071,8 +268519,8 @@ rule SIGNATURE_BASE_Foudre_Backdoor_SFX : FILE date = "2017-08-01" modified = "2023-12-05" reference = "https://goo.gl/Nbqbt6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_foudre.yar#L77-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_foudre.yar#L77-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dd5492f5314cb87fdb7c8b29bdf31e1fcd8541ed47b20f309538437d9c6ac600" score = 75 quality = 85 @@ -268098,8 +268546,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Pipe_Backdoor : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://securelist.com/blog/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_project_sauron.yara#L4-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_project_sauron.yara#L4-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "72f6c6fa65f15e4bab18a0f9d5b5b2f571b21d70c7ff306020784ce604a2e0a5" score = 75 quality = 85 
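Review bot: while this hunk re-pins SIGNATURE_BASE_Apt_Projectsauron_Pipe_Backdoor (the same applies to the other Apt_Projectsauron_* hunks below), the unchanged context still shows reference = "https://securelist.com/blog/" together with date = "2023-12-05" and modified = "2023-12-05"; a site root is not a usable reference for an analyst triaging a match, and the date records the import into signature-base rather than the research. Not introduced by this change, but worth a follow-up upstream to point reference at the specific Securelist ProjectSauron write-up and to carry its original publication date.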
@@ -268126,8 +268574,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_LSA : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://securelist.com/blog/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_project_sauron.yara#L23-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_project_sauron.yara#L23-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aaeee77b596e304836e23241fdc602d0ffed3379b386724210859c84033ac2b5" score = 75 quality = 60 @@ -268156,8 +268604,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_SSPI : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://securelist.com/blog/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_project_sauron.yara#L49-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_project_sauron.yara#L49-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "99d7444ffc45076e97ac3f5c9909ae26a927bbdcfef274d12d162c59e8113d65" score = 75 quality = 60 
@@ -268176,8 +268624,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Mytrampoline : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://securelist.com/blog/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_project_sauron.yara#L65-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_project_sauron.yara#L65-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0bd98815fbf6e82cf477e4f4f98360a4c132b2b21e2e5991f6c10903bd4df52b" score = 75 quality = 85 @@ -268204,8 +268652,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Encrypted_Container : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://securelist.com/blog/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_project_sauron.yara#L85-L103" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_project_sauron.yara#L85-L103" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9b36f2f1161fd2ff856db520efca8648892656b7a2587dce1a7445af4fbba013" score = 75 quality = 60 
@@ -268228,8 +268676,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Encryption : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://securelist.com/blog/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_project_sauron.yara#L105-L123" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_project_sauron.yara#L105-L123" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ae3a681b0cf9ed93d25fa35982daab48c460ba9737eb643ba28a972ea3a7b401" score = 75 quality = 85 @@ -268253,8 +268701,8 @@ rule SIGNATURE_BASE_Apt_Projectsauron_Generic_Pipe_Backdoor : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://securelist.com/blog/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_project_sauron.yara#L125-L144" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_project_sauron.yara#L125-L144" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ec8a311ec1bd98532c278f72c77e58edb5890db940046dfcd14adf1495e9de1e" score = 75 quality = 83 
@@ -268280,8 +268728,8 @@ rule SIGNATURE_BASE_B374K_Back_Connect : FILE date = "2016-08-18" modified = "2023-12-05" reference = "Internal Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_b374k_extra.yar#L8-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_b374k_extra.yar#L8-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dd89aefb6c1add44bfe2a706cd161a16f36a649f910ace16b641a7836525aa73" score = 80 quality = 85 @@ -268306,8 +268754,8 @@ rule SIGNATURE_BASE_MAL_Envrial_Jan18_1 : FILE date = "2018-01-21" modified = "2023-12-05" reference = "https://twitter.com/malwrhunterteam/status/953313514629853184" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_envrial.yar#L11-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_envrial.yar#L11-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f047bedaac4dd934657b282a2587c55f3087a7cceb1a80becf14e7db3c365e8b" score = 75 quality = 85 
@@ -268340,8 +268788,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_INC_Aug24 : FILE date = "2024-08-08" modified = "2024-12-12" reference = "https://twitter.com/rivitna2/status/1701739812733014313" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_inc_ransomware.yar#L1-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_inc_ransomware.yar#L1-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "335b92027c551d074015b830d137cf2fdee81d792cd7360f2499c83cc895fbbb" score = 80 quality = 85 @@ -268372,8 +268820,8 @@ rule SIGNATURE_BASE_SUSP_Doc_Windowsinstaller_Call_Feb22_1 : FILE date = "2022-02-26" modified = "2023-12-05" reference = "https://twitter.com/threatinsight/status/1497355737844133895" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_maldoc.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_maldoc.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "279182487ab7d35264adfbd0d122ee7634cd92ae1711de78ec7f20928df34f49" score = 65 quality = 85 
@@ -268398,8 +268846,8 @@ rule SIGNATURE_BASE_SUSP_NVIDIA_LAPSUS_Leak_Compromised_Cert_Mar22_1 : FILE date = "2022-03-03" modified = "2022-03-04" reference = "https://twitter.com/cyb3rops/status/1499514240008437762" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_nvidia_leaked_cert.yar#L4-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_nvidia_leaked_cert.yar#L4-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e7e9e58ec1e3922471ad3ffd4ad9fbb3ac4b3c3841c35d1cd8886607f3cf1ab9" score = 70 quality = 85 @@ -268418,8 +268866,8 @@ rule SIGNATURE_BASE_Rehashed_RAT_1 : FILE date = "2017-09-08" modified = "2023-12-05" reference = "https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rehashed_rat.yar#L13-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rehashed_rat.yar#L13-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "06a98e87d931bdea697a2cf3de604f03654f9aa2b3f2346e78ba92e492c0fc7c" score = 75 quality = 85 
@@ -268450,8 +268898,8 @@ rule SIGNATURE_BASE_Rehashed_RAT_2 : FILE date = "2017-09-08" modified = "2023-12-05" reference = "https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rehashed_rat.yar#L41-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rehashed_rat.yar#L41-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "96c4582981792eb5f8180c06a5fe824fd439cfa0ede294eccff3afa7d318a6e9" score = 75 quality = 85 @@ -268480,8 +268928,8 @@ rule SIGNATURE_BASE_Rehashed_RAT_3 : FILE date = "2017-09-08" modified = "2022-12-21" reference = "https://blog.fortinet.com/2017/09/05/rehashed-rat-used-in-apt-campaign-against-vietnamese-organizations" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rehashed_rat.yar#L69-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rehashed_rat.yar#L69-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "46f21f11959f863c85a1cfac74a28ba86d5b9789fea5a428168d157c13cce022" score = 75 quality = 85 
@@ -268507,8 +268955,8 @@ rule SIGNATURE_BASE_MAL_Malware_Imphash_Mar23_1 : HIGHVOL FILE date = "2023-03-20" modified = "2023-03-22" reference = "https://yaraify.abuse.ch/statistics/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_imphash_detection.yar#L4-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_imphash_detection.yar#L4-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "167dde6bd578cbfcc587d5853e7fc2904cda10e737ca74b31df52ba24db6e7bc" hash = "0a25a78c6b9df52e55455f5d52bcb3816460001cae3307b05e76ac70193b0636" hash = "d87a35decd0b81382e0c98f83c7f4bf25a2b25baac90c9dcff5b5a147e33bcc8" @@ -268575,8 +269023,8 @@ rule SIGNATURE_BASE_HKTL_Imphashes_Aug22_1 : FILE date = "2022-08-17" modified = "2023-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_imphash_detection.yar#L93-L192" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_imphash_detection.yar#L93-L192" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e76701b889138f9635cfe3a2f08710db3a6f0a3c3a15faa705ff0904d0566a1f" score = 80 quality = 85 
@@ -268595,8 +269043,8 @@ rule SIGNATURE_BASE_SUSP_Imphash_Mar23_2 : HIGHVOL FILE date = "2023-03-23" modified = "2023-11-25" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_imphash_detection.yar#L194-L295" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_imphash_detection.yar#L194-L295" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "12bf2795f4a140adbaa0af6ad4b2508d398d8ba69e9dadb155f800b10f7458c4" hash = "14ec56489fbcc3c7f1ef9a4d4a80ff302a5e233cdc4429a29c635a88fb1278d6" hash = "13731912823d6ce01c28a8d7d7f961505f461620bb35adbb409d4954ba1f4b8e" @@ -268646,8 +269094,8 @@ rule SIGNATURE_BASE_SUSP_Imphash_Mar23_3 : FILE date = "2023-03-23" modified = "2025-08-15" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_imphash_detection.yar#L297-L329" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_imphash_detection.yar#L297-L329" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b5296cf0eb22fba6e2f68d0c9de9ef7845f330f7c611a0d60007aa87e270c62a" hash = "5a5a5f71c2270cea036cd408cde99f4ebf5e04a751c558650f5cb23279babe6d" hash = "481b0d9759bfd209251eccb1848048ebbe7bd2c87c5914a894a5bffc0d1d67ff" 
@@ -268676,8 +269124,8 @@ rule SIGNATURE_BASE_RAT_AAR date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/AAR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a206b3f5cf6cc870135bc267b5baab8333422dc917efce6c66ee907690592d09" score = 75 quality = 85 @@ -268705,8 +269153,8 @@ rule SIGNATURE_BASE_RAT_Adzok date = "2015-01-05" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Adzok" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L24-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L24-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ee3291a4396ba6cb3c5e22229de4f5e45714b29bfeac1c56bde6d038a9d25458" score = 75 quality = 85 
@@ -268737,8 +269185,8 @@ rule SIGNATURE_BASE_RAT_Ap0Calypse date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Ap0calypse" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L50-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L50-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1ce90a5b1b3f643d4e530d6e00741f5d5918d3199cfbc4126cf8421a9e42023e" score = 75 quality = 85 @@ -268766,8 +269214,8 @@ rule SIGNATURE_BASE_RAT_Arcom date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Arcom" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L72-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L72-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dbccd9885ba0ec5741e3c74908d2e76b15836bc75373c100f344abf9bdf3a0b4" score = 75 quality = 85 
@@ -268795,8 +269243,8 @@ rule SIGNATURE_BASE_RAT_Bandook date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/bandook" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L95-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L95-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fe658e0990f0d456b1a8f5acea62a3b80bdd4a9bc0eedfe2e1092ea60b4fca2e" score = 75 quality = 85 @@ -268828,8 +269276,8 @@ rule SIGNATURE_BASE_RAT_Blacknix date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/BlackNix" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L122-L142" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L122-L142" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "de8787fd35e6313c061b8759361698b1acd54b215d226839a8702b1a5d189ccb" score = 75 quality = 85 
@@ -268856,8 +269304,8 @@ rule SIGNATURE_BASE_RAT_Blackshades : BLACKSHADES date = "2014-01-04" modified = "2023-12-05" reference = "http://blog.cylance.com/a-study-in-bots-blackshades-net" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L144-L161" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L144-L161" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "23f8d52cf92b594f9302d549cf54f37dc0a01b5686da74b72120a8072435abfe" score = 75 quality = 85 @@ -268881,8 +269329,8 @@ rule SIGNATURE_BASE_RAT_Bluebanana date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/BlueBanana" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L163-L184" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L163-L184" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0d84bb63d56d876c8b2e7c8c8afeaba839fee41d2d38f16ac9a13e802008179e" score = 75 quality = 85 
@@ -268910,8 +269358,8 @@ rule SIGNATURE_BASE_RAT_Bozok date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Bozok" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L186-L206" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L186-L206" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9a2fcd11573654f0c91c0c0dec8938ca8319a23953a5043135cb0032562f9f53" score = 75 quality = 75 @@ -268938,8 +269386,8 @@ rule SIGNATURE_BASE_RAT_Clientmesh : TORCT date = "2014-01-06" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/ClientMesh" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L208-L228" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L208-L228" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "671da9586110726b1646d4365ccaa87982ec7c86b7d4d80b99dbb444496b936c" score = 75 quality = 85 
@@ -268966,8 +269414,8 @@ rule SIGNATURE_BASE_RAT_Cybergate date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/CyberGate" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L230-L254" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L230-L254" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6b3861ae5e6bd6478e9d8024b0e67a3ac1dbf31083b77477364c55b51d0ed9b5" score = 75 quality = 85 @@ -268997,8 +269445,8 @@ rule SIGNATURE_BASE_RAT_Darkcomet date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/DarkComet" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L256-L282" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L256-L282" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "db139f754f89affc706e090a41bfcd30cf49f9d4e16ade89993ee170f92cf68b" score = 75 quality = 85 
@@ -269029,8 +269477,8 @@ rule SIGNATURE_BASE_RAT_Darkrat date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/DarkRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L284-L306" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L284-L306" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dccb473a3cf4478dd1dbf8b35ad564f59740676ecde90266a0dc15cbad89bfe7" score = 75 quality = 85 @@ -269059,8 +269507,8 @@ rule SIGNATURE_BASE_RAT_Greame date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Greame" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L308-L331" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L308-L331" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4a1ce5f5847bdc01d286c1d9cd1e16ba2fd6b5bc56e6094cb1492882708e8e59" score = 75 quality = 85 
@@ -269090,8 +269538,8 @@ rule SIGNATURE_BASE_RAT_Hawkeye date = "2015-01-06" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/HawkEye" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L333-L357" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L333-L357" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "db3a0fe5774f0d137e092a4eb9672a4518d0ef943a1a4619cb646a9ac9f74ee0" score = 75 quality = 85 @@ -269122,8 +269570,8 @@ rule SIGNATURE_BASE_RAT_Imminent date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Imminent" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L359-L389" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L359-L389" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aebae753c119950b0b3f315c7279866caf15f4d482c0a47912c90885adcf6db2" score = 75 quality = 85 
@@ -269159,8 +269607,8 @@ rule SIGNATURE_BASE_RAT_Infinity date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Infinity" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L391-L414" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L391-L414" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c1f5381755af6cfbb10a4769757cdeffb9651bddc76bc4c8e9765ed44bf37fe6" score = 75 quality = 85 @@ -269190,8 +269638,8 @@ rule SIGNATURE_BASE_RAT_Lostdoor date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/LostDoor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L440-L465" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L440-L465" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7ffa6f5cbeacca5a1e750e35d8296658d4e280078a61f94fd5f2d4b7c800bb44" score = 75 quality = 85 
@@ -269223,8 +269671,8 @@ rule SIGNATURE_BASE_RAT_Luminositylink date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/LuminosityLink" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L467-L493" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L467-L493" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5e70e3e0885d098f1ac2bcc324cd8ad2682fbfc395f189cabc4a4f97a0109682" score = 75 quality = 60 @@ -269257,8 +269705,8 @@ rule SIGNATURE_BASE_RAT_Luxnet date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/LuxNet" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L495-L516" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L495-L516" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "55d872e2e30f6d55a6f91750bbb52675042e4673d712a4f2417af43b0f2c4fb9" score = 75 quality = 85 
@@ -269286,8 +269734,8 @@ rule SIGNATURE_BASE_RAT_Netwire date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/NetWire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L547-L569" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L547-L569" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6a4e757262c02dfe46ac28940b53a5695df2d242ccd4c16b42fbfdcf96072e91" score = 75 quality = 60 @@ -269316,8 +269764,8 @@ rule SIGNATURE_BASE_RAT_Pandora date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Pandora" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L571-L599" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L571-L599" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d33598d0699bfb7e996047318099302c2c326e45d993a259c2bc145acf8cf54b" score = 75 quality = 85 
@@ -269352,8 +269800,8 @@ rule SIGNATURE_BASE_RAT_Paradox date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Paradox" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L601-L623" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L601-L623" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fef41262b78a497c65c7548c58d78ba8912725b28606fd9e99d1dbc19bdf7393" score = 75 quality = 85 @@ -269382,8 +269830,8 @@ rule SIGNATURE_BASE_RAT_Plasma date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Plasma" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L625-L649" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L625-L649" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e73348d379c483a7917cf765a457739aed6940f180272fa8d0c0dd1eb8e5f562" score = 75 quality = 85 
@@ -269414,8 +269862,8 @@ rule SIGNATURE_BASE_RAT_Poisonivy date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/PoisonIvy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L651-L672" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L651-L672" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "874e0dfb22a03abc0f7fdc7209ff13b55dfa5dcc17db944903ca37a549eb331d" score = 75 quality = 85 @@ -269443,8 +269891,8 @@ rule SIGNATURE_BASE_RAT_Predatorpain date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/PredatorPain" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L674-L702" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L674-L702" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "917234f83f891ad00bd83908c244818f517ea89cf7d8c81cfc3618b8386c1804" score = 75 quality = 85 
@@ -269479,8 +269927,8 @@ rule SIGNATURE_BASE_RAT_Punisher date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Punisher" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L704-L726" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L704-L726" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9347b8053393c3537693273c44a2a2f095928b8bc0cdcf9365a6f060d66efeb5" score = 75 quality = 60 @@ -269509,8 +269957,8 @@ rule SIGNATURE_BASE_RAT_Pythorat date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/PythoRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L728-L751" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L728-L751" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8edcfb8f234ff225537d19343c75788ec2a25940e80042751eea3280a967e166" score = 75 quality = 85 
@@ -269540,8 +269988,8 @@ rule SIGNATURE_BASE_RAT_Qrat date = "2015-01-08" modified = "2023-12-05" reference = "http://malwareconfig.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L753-L773" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L753-L773" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6d404153ca64b547885e4e4581205f5fc20faf86e8ab18002c5deedca2487225" score = 75 quality = 85 @@ -269568,8 +270016,8 @@ rule SIGNATURE_BASE_RAT_Sakula : FILE date = "2015-10-13" modified = "2023-12-05" reference = "http://blog.airbuscybersecurity.com/public/YFR/sakula_v1x.yara" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L775-L817" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L775-L817" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ec4e16deb6f4a671ee665c81568e87dc9a1023328e1be242eae015c1e04cfcef" score = 75 quality = 85 
@@ -269610,8 +270058,8 @@ rule SIGNATURE_BASE_RAT_Shadowtech : FILE date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/ShadowTech" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L819-L839" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L819-L839" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8ab024ae5ca62de30daf4392db5241220fcdb9b419bad555a996729aed9fa45d" score = 75 quality = 83 @@ -269640,8 +270088,8 @@ rule SIGNATURE_BASE_RAT_Smallnet date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/SmallNet" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L841-L861" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L841-L861" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "17a6be371ce0c616cfea0b42a30e6d9118376912002d59790b133c73fd5436a3" score = 75 quality = 85 
@@ -269668,8 +270116,8 @@ rule SIGNATURE_BASE_RAT_Spygate date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/SpyGate" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L863-L890" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L863-L890" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5b891212f3a669c6066cfddef418faafd75c92bb2f1e8e1f48403422a73bc9fa" score = 75 quality = 83 @@ -269703,8 +270151,8 @@ rule SIGNATURE_BASE_RAT_Sub7Nation date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Sub7Nation" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L892-L913" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L892-L913" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bd6c423cd5cb5a86b20e5e65ab460904548b8814c92ac65e497757bb79a27681" score = 75 quality = 85 
@@ -269732,8 +270180,8 @@ rule SIGNATURE_BASE_RAT_Vertex date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Vertex" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L915-L938" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L915-L938" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c9fb0dedd97240ad29924865118ba34f5d79dbefbb13729d96d41336ec4de39e" score = 75 quality = 85 @@ -269763,8 +270211,8 @@ rule SIGNATURE_BASE_RAT_Virusrat date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/VirusRat" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L940-L967" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L940-L967" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8540296fe1341a793377494cec9ba6ee0313203bee9997f0da0b692959727c59" score = 75 quality = 85 
@@ -269798,8 +270246,8 @@ rule SIGNATURE_BASE_RAT_Xtreme date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/Xtreme" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L969-L990" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L969-L990" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4dec8de6609f8229444291a78e920ac48b9b5751dd0cad7c95bc6529d6f8c16c" score = 75 quality = 85 @@ -269827,8 +270275,8 @@ rule SIGNATURE_BASE_RAT_Adwind date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/adWind" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L992-L1011" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L992-L1011" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "11167b927fa06324950753c6ec8f28058f2aa66fb4ecdf66a21de11a8db190b8" score = 75 quality = 85 
@@ -269854,8 +270302,8 @@ rule SIGNATURE_BASE_RAT_Njrat date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/njRat" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L1013-L1036" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L1013-L1036" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "47e8cc71caaefd70a170eb8fc845cb7ddb8df04b90163fe35f1ccb9a3f614c57" score = 75 quality = 85 @@ -269884,8 +270332,8 @@ rule SIGNATURE_BASE_RAT_Unrecom date = "2014-01-04" modified = "2023-12-05" reference = "http://malwareconfig.com/stats/unrecom" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L1038-L1058" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L1038-L1058" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "15ab9ee2f3fd825e91813a185bc5c7d7e790de39cd3e88c375b801d1412a08f4" score = 75 quality = 85 
@@ -269912,8 +270360,8 @@ rule SIGNATURE_BASE_MAL_JRAT_Oct18_1 : FILE date = "2018-10-11" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rats_malwareconfig.yar#L1060-L1072" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rats_malwareconfig.yar#L1060-L1072" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7c652f3943ae7639633b82663f639adb7dea1bae9e617a14710fb6e448cfdbee" score = 75 quality = 85 @@ -269935,8 +270383,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Customlokitools : FILE date = "2017-03-15" modified = "2017-03-22" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_moonlightmaze.yar#L11-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_moonlightmaze.yar#L11-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "14cce7e641d308c3a177a8abb5457019" hash = "a3164d2bbc45fb1eef5fde7eb8b245ea" hash = "dabee9a7ea0ddaf900ef1e3e166ffe8a" 
@@ -269973,8 +270421,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Customsniffer date = "2017-03-15" modified = "2023-12-05" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_moonlightmaze.yar#L50-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_moonlightmaze.yar#L50-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7b86f40e861705d59f5206c482e1f2a5" hash = "927426b558888ad680829bd34b0ad0e7" logic_hash = "5ccf9035adc16393db4b3d461f7a20f86f538275d7806280a15508c15d9c805c" @@ -270004,8 +270452,8 @@ rule SIGNATURE_BASE_Loki2Crypto date = "2017-03-21" modified = "2023-12-05" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_moonlightmaze.yar#L82-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_moonlightmaze.yar#L82-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "19fbd8cbfb12482e8020a887d6427315" hash = "ea06b213d5924de65407e8931b1e4326" hash = "14ecd5e6fc8e501037b54ca263896a11" 
@@ -270032,8 +270480,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_De_Tool date = "2017-03-27" modified = "2017-03-27" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_moonlightmaze.yar#L111-L137" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_moonlightmaze.yar#L111-L137" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4bc7ed168fb78f0dc688ee2be20c9703" hash = "8b56e8552a74133da4bc5939b5f74243" logic_hash = "f658e1aa2ddb84fe3c1de7c7c00f2148d232cf2b3381c298420abfc382c02986" @@ -270059,8 +270507,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Cle_Tool date = "2017-03-27" modified = "2017-03-27" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_moonlightmaze.yar#L140-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_moonlightmaze.yar#L140-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "647d7b711f7b4434145ea30d0ef207b0" logic_hash = "a4bbd7be617b944a656fa58ca9ec6384f624c95250de6b8a6ba63e7c3387484c" score = 75 
@@ -270088,8 +270536,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Xk_Keylogger date = "2017-03-27" modified = "2017-03-27" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_moonlightmaze.yar#L170-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_moonlightmaze.yar#L170-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b2acdef9c8e545f4ab217f529a7e4a3e74723b27ec89896f98639fd40792bcc8" score = 75 quality = 35 @@ -270122,8 +270570,8 @@ rule SIGNATURE_BASE_Apt_RU_Moonlightmaze_Encrypted_Keylog : FILE date = "2017-03-27" modified = "2017-03-27" reference = "https://en.wikipedia.org/wiki/Moonlight_Maze" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_moonlightmaze.yar#L204-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_moonlightmaze.yar#L204-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "593f6f2148ddb52e2beee72a48135cd83f126edfdb263b471432d17273e536db" score = 75 quality = 85 
@@ -270145,8 +270593,8 @@ rule SIGNATURE_BASE_Hiddencobra_BANKSHOT_Gen : FILE date = "2017-12-26" modified = "2022-06-10" reference = "https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hiddencobra_bankshot.yar#L11-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hiddencobra_bankshot.yar#L11-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "db4d396736ab42942f1a11a819419410e388b011e8992ad187c2f484d637c99c" score = 75 quality = 83 @@ -270200,8 +270648,8 @@ rule SIGNATURE_BASE_Unauthorized_Proxy_Server_RAT date = "2023-12-05" modified = "2023-12-05" reference = "https://www.us-cert.gov/HIDDEN-COBRA-North-Korean-Malicious-Cyber-Activity" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hiddencobra_bankshot.yar#L67-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hiddencobra_bankshot.yar#L67-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7ede26272ddcb25dca2b44ff08b232f358078872f6cf76491b0fd8d65772c60d" score = 75 quality = 85 
@@ -270237,8 +270685,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Auct_Dez16_Strings : FILE date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L11-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L11-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3c632d90c5b26b840b267647faf453f85496b78c900910ad22896698c553c949" score = 60 quality = 60 @@ -270305,8 +270753,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Violetspirit date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L73-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L73-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "01a45feb5c9f9cfe8834306993c53b1e53d79b89b07106ffec0c81cdebb8b71c" score = 75 quality = 85 
@@ -270329,8 +270777,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gr_Gr date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L88-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L88-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "facce45a335d7ca799d68fc26ee2bf5682cec0914502482189cd6aa496cba489" score = 75 quality = 85 @@ -270353,8 +270801,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Yellowspirit date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L103-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L103-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "698b23cc4cc6f319ddef7a93cf7ddc83ffae1d2c2b0a9545011b51e381f8cd0c" score = 75 quality = 85 
@@ -270378,8 +270826,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Eleganteagle_Opscript_1_0_0 date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L119-L132" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L119-L132" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3df5ba1a497ffe5306ed7966f25f69c30a5191e935c5638869a62b3cb2324f70" score = 75 quality = 85 @@ -270402,8 +270850,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Opscript date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L134-L147" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L134-L147" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "23dd6d537a8639bd84ede141cca577dc91328bd293f96f865c7dedd9ef693ee3" score = 75 quality = 85 
@@ -270426,8 +270874,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Shentysdelight date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L149-L162" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L149-L162" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1acfb6aea7e208b7fd52325258219c162482deb4fa7ee87ddc4de0774e3e74f4" score = 75 quality = 85 @@ -270450,8 +270898,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Epichero date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L164-L178" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L164-L178" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "36dc38f2dd630f22b87e8d9130de7d40ee3cdba45597b2b667a1a9536d990aad" score = 75 quality = 85 
@@ -270475,8 +270923,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L180-L193" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L180-L193" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8135c07b8c217e81f7618d58c9c3da6585cdb9b8f7afab85bb6556c5b846ba64" score = 75 quality = 85 @@ -270499,8 +270947,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Dubmoat date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L195-L209" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L195-L209" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "368c0a6a1db0003e3a2e4ec5e42a5b5563ea1c2cb89db1751226891e1f7181d8" score = 75 quality = 85 
@@ -270524,8 +270972,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Strifeworld date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L211-L225" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L211-L225" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2b113b042fd62109ee3ee39515fbd22f3898abf320d75f1288ea88e40b3444c0" score = 75 quality = 85 @@ -270549,8 +270997,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Pork date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L227-L242" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L227-L242" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c3f9f90f83f3672b101e52f36012c485c29840cf0b2ced00087fb27725fd1545" score = 75 quality = 85 
@@ -270575,8 +271023,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Ebbisland date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L244-L258" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L244-L258" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0a45ea3cd6aeea9299ef67ae82c9f4bf929a961695e7cce344aa1737fa4c07b0" score = 75 quality = 85 @@ -270600,8 +271048,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Stoicsurgeon date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L260-L273" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L260-L273" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "322599ba7d5536b7f0856980a6caab86de66c02da75bf55e97bf129d08c43031" score = 75 quality = 85 
@@ -270624,8 +271072,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Elgingamble date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L275-L288" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L275-L288" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2f4dd668c59244e92ebfe0e2fc2859b2376cf1dd6fc6522e8f452787aa96365f" score = 75 quality = 85 @@ -270648,8 +271096,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_README_Cup date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L290-L304" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L290-L304" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bd05a23ce29be88c1a459358c984e1317cf56d21e5b378624af644fb2b41931d" score = 75 quality = 85 
@@ -270673,8 +271121,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Nopen_Oneshot date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L306-L319" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L306-L319" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "19aa32aafaaccc6697bbaff642d996554eccf2261d23071cfb8599ea0eea628b" score = 75 quality = 85 @@ -270697,8 +271145,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Earlyshovel date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L321-L334" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L321-L334" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "396810b439ac53f393ad37a8acbd7236f8325730c75c1a6339e4c6343ecade7a" score = 75 quality = 85 
@@ -270721,8 +271169,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_User_Tool_Envisioncollision date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L336-L352" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L336-L352" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "36b2a20ef3a6540a686d7f52c8c885842fd84ba7c7daa74c21e241e25826030e" score = 75 quality = 85 @@ -270748,8 +271196,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme1 date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L356-L372" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L356-L372" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "171d3df191e5c9ae4a4afc3a878cc25548238046b8c4c52dbb9ca4431aae45b0" score = 75 quality = 85 
@@ -270775,8 +271223,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme2 date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L374-L389" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L374-L389" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eb68c415d64d1db3d4bb0f4ad994bd050cb2287e4dc7b3ac57549f818a7914d8" score = 75 quality = 85 @@ -270801,8 +271249,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme3 date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L391-L411" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L391-L411" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "968ec80f26750ac734ad9e296b5afb35867f6c53de1e88f7c8af78daeac24b61" score = 75 quality = 85 
@@ -270832,8 +271280,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbroker_Gen_Readme4 date = "2016-12-17" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message6/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_dec16.yar#L413-L429" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_dec16.yar#L413-L429" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c19c77d7e7e26e01a9a50fd67cc0a7fd05069def878bf18726c3e115df307cb2" score = 75 quality = 85 @@ -270859,8 +271307,8 @@ rule SIGNATURE_BASE_REGEORG_Tuneller_Generic : FILE date = "2021-12-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/unc3524-eye-spy-email" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/webshell_regeorg.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/webshell_regeorg.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ba22992ce835dadcd06bff4ab7b162f9" logic_hash = "1657928875c3cd2d5bf774929b0497d78f0211b321f8a4138cc9b8c80b9f99d6" score = 75 
@@ -270890,8 +271338,8 @@ rule SIGNATURE_BASE_Scanbox_Malware_Generic date = "2015-02-28" modified = "2023-12-05" reference = "http://goo.gl/WXUQcP" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_scanbox_deeppanda.yar#L2-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_scanbox_deeppanda.yar#L2-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5f521d3f000fb39e5e3b08657e75219e93fb3bb8ffbbdbd70f471928a56bef27" score = 75 quality = 85 @@ -270924,8 +271372,8 @@ rule SIGNATURE_BASE_Mirai_Botnet_Malware : FILE date = "2016-10-04" modified = "2023-01-27" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mirai.yar#L10-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mirai.yar#L10-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "384f8377ca05296da1177a8939f526069fbad0bb73769bd282d81ea4d876003c" score = 75 quality = 83 
@@ -270969,8 +271417,8 @@ rule SIGNATURE_BASE_Mirai_1_May17 : FILE date = "2017-05-12" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mirai.yar#L62-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mirai.yar#L62-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6816ab3b455bbde6c4bb43bff162615d7fc24b9d5828faa190600387c38978e1" score = 75 quality = 85 @@ -270996,8 +271444,8 @@ rule SIGNATURE_BASE_Miari_2_May17 : FILE date = "2017-05-12" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mirai.yar#L80-L99" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mirai.yar#L80-L99" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "138a7d0c5508f0168f09329e97f00d0aacef17297558338cd88a9dc3ddddfee3" score = 75 quality = 85 
@@ -271026,8 +271474,8 @@ rule SIGNATURE_BASE_MAL_ELF_LNX_Mirai_Oct10_1 : FILE date = "2018-10-27" modified = "2023-01-27" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mirai.yar#L101-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mirai.yar#L101-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d16ed12522b310fccab027355281a206f5087d555f0d1fef4e7746d01d085613" score = 75 quality = 85 @@ -271053,8 +271501,8 @@ rule SIGNATURE_BASE_MAL_ELF_LNX_Mirai_Oct10_2 : FILE date = "2018-10-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mirai.yar#L124-L138" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mirai.yar#L124-L138" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "47d20bdf64c18c925dc1391b022278f913b7fbce13988a7b5de2e9d135c5a265" score = 75 quality = 85 
@@ -271078,8 +271526,8 @@ rule SIGNATURE_BASE_MAL_Mirai_Nov19_1 : FILE date = "2019-11-13" modified = "2023-12-05" reference = "https://twitter.com/bad_packets/status/1194049104533282816" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mirai.yar#L140-L157" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mirai.yar#L140-L157" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e1202a9cd445c590c359a9c93e635292f8cf7f09291f4d8504ad9ce6679f6a47" score = 75 quality = 85 @@ -271106,8 +271554,8 @@ rule SIGNATURE_BASE_MAL_ARM_LNX_Mirai_Mar13_2022 : FILE date = "2022-03-16" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mirai.yar#L159-L181" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mirai.yar#L159-L181" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a44a6174a198a658c8a5e2da50192da20bae7f8ed4e4f212c9eebb29fa4b0dd0" score = 75 quality = 85 
@@ -271140,8 +271588,8 @@ rule SIGNATURE_BASE_Dridex_Trojan_XML date = "2015-03-08" modified = "2023-12-05" reference = "https://threatpost.com/dridex-banking-trojan-spreading-via-macros-in-xml-files/111503" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_dridex_xml.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_dridex_xml.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "25b6340d782ee20723b2f17f3434a0b27b1561ab22d5a8f859e97e0ac126f651" score = 75 quality = 85 @@ -271173,8 +271621,8 @@ rule SIGNATURE_BASE_WEBSHELL_H4Ntu_Shell_Powered_Tsoi_3 modified = "2025-03-21" old_rule_name = "Webshell_h4ntu_shell_powered_by_tsoi_" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L32-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L32-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "06ed0b2398f8096f1bebf092d0526137" logic_hash = "871e9a057ca3920fcebaec5c2555c2d936d813c0d8bb2a6a69726dee7a796ff8" score = 70 
@@ -271199,8 +271647,8 @@ rule SIGNATURE_BASE_WEBSHELL_H4Ntu_Shell_Powered_Tsoi : FILE modified = "2025-03-21" old_rule_name = "Webshell_h4ntu_shell__powered_by_tsoi_" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L48-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L48-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "06ed0b2398f8096f1bebf092d0526137" logic_hash = "3d9b568a66f3e6933b385fed30921883dd7be17863670c648702ae3403b6e8a1" score = 80 @@ -271223,8 +271671,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Sql date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L65-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L65-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2cf20a207695bbc2311a998d1d795c35" logic_hash = "83049c3c5bce88d239b59accb173e234c3169f59187de17b7e6c2a0aa58a552f" score = 70 
@@ -271248,8 +271696,8 @@ rule SIGNATURE_BASE_Webshell_PHP_A date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L80-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L80-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e3b461f7464d81f5022419d87315a90d" logic_hash = "6bdd5fbe9b16f2d84b884239cf3b6453587933c6b0c4308508d10019b4f36e38" score = 70 @@ -271274,8 +271722,8 @@ rule SIGNATURE_BASE_Webshell_Imhapftp_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L96-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L96-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "12911b73bc6a5d313b494102abcf5c57" logic_hash = "9099504870c1e466808060f11aea38472832846d24e3c84fdd69b7d26bfed69d" score = 70 
@@ -271299,8 +271747,8 @@ rule SIGNATURE_BASE_Webshell_Jspspyweb date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L111-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L111-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4e9be07e95fff820a9299f3fb4ace059" logic_hash = "491d9c4efee27469f2a26f6fcb7f7c768eac60977e640096ea5f78ff346e7fbe" score = 70 @@ -271324,8 +271772,8 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L126-L140" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L126-L140" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "49ad9117c96419c35987aaa7e2230f63" logic_hash = "d3d27d80f5f3adbc050a59d0c25953ec5d634344b5d051a4abdf4eeed3b8b035" score = 70 
@@ -271349,8 +271797,8 @@ rule SIGNATURE_BASE_Webshell_Simattacker_Vrsion_1_0_0_Priv8_4_My_Friend date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L141-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L141-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "089ff24d978aeff2b4b2869f0c7d38a3" logic_hash = "fc553942b06b305f7b0d5b072a8d4517b0e51229545440ea9c43e9be01d64efa" score = 70 @@ -271374,8 +271822,8 @@ rule SIGNATURE_BASE_Webshell_Phpshell_2_1_Pwhash date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L156-L170" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L156-L170" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ba120abac165a5a30044428fac1970d8" logic_hash = "616c0570550cdb9394b5675864d4eec3fa62390f880817406b2a3b63952b69f0" score = 70 
@@ -271399,8 +271847,8 @@ rule SIGNATURE_BASE_Webshell_Phpremoteview date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L171-L185" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L171-L185" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "29420106d9a81553ef0d1ca72b9934d9" logic_hash = "2de48b8640c0f2089a4a0badb4429127cb61ac972459290041e20b959e4e0c05" score = 70 @@ -271424,8 +271872,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_12302 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L186-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L186-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a3930518ea57d899457a62f372205f7f" logic_hash = "0959a138abc791f17344e25e84b24888ddfe238981fc7e3ffd76c0390006ea46" score = 70 
@@ -271450,8 +271898,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Guo date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L202-L216" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L202-L216" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9e69a8f499c660ee0b4796af14dc08f0" logic_hash = "efb7055f42dd6be41ea3983cacea1a70b83675c8ebcb88ae3b250066a29e94eb" score = 70 @@ -271475,8 +271923,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Redcod date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L217-L231" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L217-L231" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5c1c8120d82f46ff9d813fbe3354bac5" logic_hash = "eddfd90d27793756bcc685ffe33b2dabc3bb28b9654c33a0f99359e8b6f13678" score = 70 
@@ -271500,8 +271948,8 @@ rule SIGNATURE_BASE_Webshell_Remview_Fix date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L232-L246" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L232-L246" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a24b7c492f5f00e2a19b0fa2eb9c3697" logic_hash = "0b29ef74fb0786aefe99281360dc4fe27005eac345a36bc14259afa6fc555303" score = 70 @@ -271525,8 +271973,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Cmd date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L247-L262" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L247-L262" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "895ca846858c315a3ff8daa7c55b3119" logic_hash = "8e72b54267c2f83b288cdd43ccd56ae4ab1f95c17f4dde077e637d951df54866" score = 70 
@@ -271551,8 +271999,8 @@ rule SIGNATURE_BASE_Webshell_Php_Sh_Server date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L263-L276" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L263-L276" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d87b019e74064aa90e2bb143e5e16cfa" logic_hash = "9f4d940a381e7bd298a252f485d5f1d26fd191c27f6e86e8fa6028237592a8c3" score = 50 @@ -271575,8 +272023,8 @@ rule SIGNATURE_BASE_Webshell_PH_Vayv_PH_Vayv date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L277-L291" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L277-L291" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "35fb37f3c806718545d97c6559abd262" logic_hash = "8769400b7b6828849f27092d790d291721c7e1b39dfd2080de5da8e59dd25523" score = 70 
@@ -271600,8 +272048,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Ice date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L292-L305" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L292-L305" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6560b436d3d3bb75e2ef3f032151d139" logic_hash = "d92cc9ac8630b40f23b9ff7cda5a237b4885d30de4b9b497be7512e7eb020a09" score = 70 @@ -271624,8 +272072,8 @@ rule SIGNATURE_BASE_Webshell_Cihshell_Fix date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L306-L320" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L306-L320" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3823ac218032549b86ee7c26f10c4cb5" logic_hash = "59ae76d6828d8c0ddcbafa19063e6dcf25c826386f46df2b8f9674b628365a2b" score = 70 
@@ -271649,8 +272097,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Shell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L321-L335" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L321-L335" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e63f5a96570e1faf4c7b8ca6df750237" logic_hash = "5cc698e4ff23ca296b339589d12c24e67c99272e73445604a4552d3023e19636" score = 70 @@ -271674,8 +272122,8 @@ rule SIGNATURE_BASE_Webshell_Private_I3Lue date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L336-L349" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L336-L349" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "13f5c7a035ecce5f9f380967cf9d4e92" logic_hash = "274586f2c451eda45c3a52b615961dbba806f8d25e34cc358e661fcfd1143d08" score = 70 
@@ -271698,8 +272146,8 @@ rule SIGNATURE_BASE_Webshell_Php_Up date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L350-L365" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L350-L365" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7edefb8bd0876c41906f4b39b52cd0ef" logic_hash = "22f444ce4068f46c0b57e566faca0c6377346e403de592b0e51869781fda31a9" score = 70 @@ -271724,8 +272172,8 @@ rule SIGNATURE_BASE_Webshell_Mysql_Interface_V1_0 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L366-L379" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L366-L379" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a12fc0a3d31e2f89727b9678148cd487" logic_hash = "baa938c4cfd2c46b1752d866e186d76a04c353617d8ec3e0d78a3c546b120d13" score = 70 
@@ -271748,8 +272196,8 @@ rule SIGNATURE_BASE_Webshell_Php_S_U date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L380-L393" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L380-L393" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "efc7ba1a4023bcf40f5e912f1dd85b5a" logic_hash = "3c6904fa475784e737275fd47eabea077bed57e920071c68fa09f7defecbdb72" score = 70 @@ -271772,8 +272220,8 @@ rule SIGNATURE_BASE_Webshell_Phpshell_2_1_Config date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L394-L407" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L394-L407" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bd83144a649c5cc21ac41b505a36a8f3" logic_hash = "51d16bcaef5f6795ebcd1154dca79d5cf5a389948b0e59f4939c30fef877e816" score = 70 
@@ -271796,8 +272244,8 @@ rule SIGNATURE_BASE_Webshell_Asp_EFSO_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L408-L421" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L408-L421" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a341270f9ebd01320a7490c12cb2e64c" logic_hash = "19bd00fabe0b4695129c180dd145e757e0b2c2a6dad751e8c889222c191e03ce" score = 70 @@ -271820,8 +272268,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Up date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L422-L435" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L422-L435" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "515a5dd86fe48f673b72422cccf5a585" logic_hash = "77c8121d000c45e44717689dec535fde7c9722005d1e4ff40d0b84abcf289f47" score = 70 
@@ -271844,8 +272292,8 @@ rule SIGNATURE_BASE_Webshell_Networkfilemanagerphp date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L436-L449" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L436-L449" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "acdbba993a5a4186fd864c5e4ea0ba4f" logic_hash = "235e4062a9b9ebdf7dd0b8a2cb3b16ba7688a75b90d8c527344cf9605304838d" score = 70 @@ -271868,8 +272316,8 @@ rule SIGNATURE_BASE_Webshell_Server_Variables date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L450-L464" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L450-L464" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "47fb8a647e441488b30f92b4d39003d7" logic_hash = "2a85301f1d6e4c457ff0a1b2a08eb6f054905993a0667087f37b9a7352e38911" score = 70 
@@ -271893,8 +272341,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Ice_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L465-L478" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L465-L478" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1d6335247f58e0a5b03e17977888f5f2" logic_hash = "57c3c369abd826d676290300d8df2d890b777fa1f0e1156654062159a4228db7" score = 70 @@ -271917,8 +272365,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Mdb date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L479-L492" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L479-L492" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fbf3847acef4844f3a0d04230f6b9ff9" logic_hash = "89f7692acd754992f9379b9b4661a01d6ab95cb85a3c2699928aa5ed3a3ac8c5" score = 70 
@@ -271941,8 +272389,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Guige date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L493-L506" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L493-L506" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2c9f2dafa06332957127e2c713aacdd2" logic_hash = "9d71095b5c709dfdd8b5fcebcaa4493d9c93e841e85cda2e2255e0c15ea83659" score = 70 @@ -271965,8 +272413,8 @@ rule SIGNATURE_BASE_Webshell_Phpspy2010 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L507-L522" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L507-L522" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "14ae0e4f5349924a5047fed9f3b105c5" logic_hash = "b3acef196b30cf9afe24c81860bedff69fc5652c514aa36aba85d16b12bcc432" score = 70 
@@ -271991,8 +272439,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Ice date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L523-L536" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L523-L536" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d141e011a92f48da72728c35f1934a2b" logic_hash = "524419e802d3cb6ac310565af22ec28044984aa4b1b2ee1cfbd292afd071709c" score = 70 @@ -272015,8 +272463,8 @@ rule SIGNATURE_BASE_Webshell_Drag_System date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L537-L550" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L537-L550" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "15ae237cf395fb24cf12bff141fb3f7c" logic_hash = "8ea8d9d64521f47f1396e4f4d6c8f4a71fa1a643799ec408e1d2e0f255dc4996" score = 70 
@@ -272039,8 +272487,8 @@ rule SIGNATURE_BASE_Webshell_Darkblade1_3_Asp_Indexx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L551-L564" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L551-L564" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b7f46693648f534c2ca78e3f21685707" logic_hash = "57cfe09d53d42ee9d909a3894b8a3362209c1972c7d96ae5fdc61681c2998a89" score = 70 @@ -272063,8 +272511,8 @@ rule SIGNATURE_BASE_Webshell_Phpshell3 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L565-L580" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L565-L580" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "76117b2ee4a7ac06832d50b2d04070b8" logic_hash = "868b1b69fab3ec6fcfa15557075f313f4af0ec9cd15f41bb9dcc9bc26fc17f93" score = 70 
@@ -272089,8 +272537,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Hsxa date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L581-L594" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L581-L594" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d0e05f9c9b8e0b3fa11f57d9ab800380" logic_hash = "7f79b66d87f638bc09ee576de4dc4a8c5b1da7c406d318eeff7a4221c35d2313" score = 70 @@ -272113,8 +272561,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Utils date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L595-L609" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L595-L609" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9827ba2e8329075358b8e8a53e20d545" logic_hash = "90a5b64e59306bdffc5a89f5d86a2dc7a17669021d863e2a5ecea13d65c19053" score = 70 
@@ -272138,8 +272586,8 @@ rule SIGNATURE_BASE_Webshell_Asp_01 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L610-L623" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L610-L623" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "61a687b0bea0ef97224c7bd2df118b87" logic_hash = "e057800013a9a8f4c3ecbe4e27c14e904700548e6ad9dc1f00313c7a3de7fd2d" score = 50 @@ -272162,8 +272610,8 @@ rule SIGNATURE_BASE_Webshell_Asp_404 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L624-L637" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L624-L637" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d9fa1e8513dbf59fa5d130f389032a2d" logic_hash = "3db951af36ed3d08bc10b4c3fc2e67481f005580fb76f66b6ec5789ed6e2efdb" score = 70 
@@ -272186,8 +272634,8 @@ rule SIGNATURE_BASE_Webshell_Webshell_Cnseay02_1 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L638-L651" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L638-L651" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "95fc76081a42c4f26912826cb1bd24b1" logic_hash = "9950fb7c26dfb25665093dbcf5c4a9dcf65466783509a3caa11c2c96d177d855" score = 70 @@ -272210,8 +272658,8 @@ rule SIGNATURE_BASE_Webshell_Php_Fbi date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L652-L665" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L652-L665" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1fb32f8e58c8deb168c06297a04a21f1" logic_hash = "de8584ae83ee3e23f4ce00ccd73f75b4568d6a4544af45b83784a9a0c34d42e3" score = 70 
@@ -272234,8 +272682,8 @@ rule SIGNATURE_BASE_Webshell_B374Kphp_B374K date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L666-L682" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L666-L682" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bed7388976f8f1d90422e8795dff1ea6" logic_hash = "1f0fc5e309dd67a11d6ba9b698fd9ca3c7e6616545c220de79aaa3b63f0ad931" score = 70 @@ -272261,8 +272709,8 @@ rule SIGNATURE_BASE_Webshell_Cmd_Asp_5_1 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L683-L696" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L683-L696" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8baa99666bf3734cbdfdd10088e0cd9f" logic_hash = "1ff4ae8c08cec4605594e97d6c077d4808d3a73c04ddf6a51952252dd2d01cf4" score = 70 
@@ -272285,8 +272733,8 @@ rule SIGNATURE_BASE_Webshell_Php_Dodo_Zip date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L697-L711" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L697-L711" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b7800364374077ce8864796240162ad5" logic_hash = "bdeffafdedeadaba36c5c67f981c42d6111b954622780b930e9eeb9956c638b5" score = 70 @@ -272310,8 +272758,8 @@ rule SIGNATURE_BASE_Webshell_Azrailphp_V1_0 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L712-L726" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L712-L726" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "26b2d3943395682e36da06ed493a3715" logic_hash = "d0ccf9e37e378db4523d7918b30cff358115e7a4c36fad55a75f3aff218563c6" score = 70 
@@ -272335,8 +272783,8 @@ rule SIGNATURE_BASE_Webshell_Php_List date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L727-L742" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L727-L742" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "922b128ddd90e1dc2f73088956c548ed" logic_hash = "007f9307493bca71dcbdcf6ba6c45bf36899e8f636ccbd09c26453cb0aea0847" score = 70 @@ -272361,8 +272809,8 @@ rule SIGNATURE_BASE_Webshell_Ironshell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L743-L757" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L743-L757" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8bfa2eeb8a3ff6afc619258e39fded56" logic_hash = "7e4916010a33383cfc3cbbcd5d575ac2f3a579220b66bd07e3121f3db30da66d" score = 70 
@@ -272386,8 +272834,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_404 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L758-L771" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L758-L771" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ee94952dc53d9a29bdf4ece54c7a7aa7" logic_hash = "0743d18bc5066c96cca8cc0883971d3bc876e6c2fbb996e55b6930c715e07395" score = 70 @@ -272410,8 +272858,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Aspydrv date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L772-L785" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L772-L785" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "de0a58f7d1e200d0b2c801a94ebce330" logic_hash = "a4a6205ace49778ddc421b0f0e65c576e2ffe40ce2ab84debb939d5324420405" score = 70 
@@ -272434,8 +272882,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Web date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L786-L799" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L786-L799" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4bc11e28f5dccd0c45a37f2b541b2e98" logic_hash = "ed0ace0ba5f8a9e763353c42e3e3a39da10596e8517aad33e5c5080b44e4d61a" score = 70 @@ -272458,8 +272906,8 @@ rule SIGNATURE_BASE_Webshell_Mysqlwebsh date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L800-L813" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L800-L813" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "babfa76d11943a22484b3837f105fada" logic_hash = "365d19c086b3bbb98cbe1e1ed1e7522ce98dc2614a39c747717c277cebef33d2" score = 70 
@@ -272482,8 +272930,8 @@ rule SIGNATURE_BASE_Webshell_Jspshell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L814-L828" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L814-L828" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0d5b5a17552254be6c1c8f1eb3a5fdc1" logic_hash = "058ddd64b142cada7144b9befa81ada314b72e6f23524d98efcb10136c23ed33" score = 70 @@ -272507,8 +272955,8 @@ rule SIGNATURE_BASE_Webshell_Dx_Dx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L829-L843" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L829-L843" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9cfe372d49fe8bf2fac8e1c534153d9b" logic_hash = "c2eddf58b25caff79460ab9a87ac0573d483866a87c1b1ec0984afce2c22b29f" score = 70 
@@ -272532,8 +272980,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Ntdaddy date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L844-L858" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L844-L858" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c5e6baa5d140f73b4e16a6cfde671c68" logic_hash = "7237eb7233c6affcc1f67a764f704b7d7e1d13f71c64893286c6c99318cc7c3e" score = 70 @@ -272557,8 +273005,8 @@ rule SIGNATURE_BASE_Webshell_Mysql_Web_Interface_Version_0_8 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L859-L872" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L859-L872" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "36d4f34d0a22080f47bb1cb94107c60f" logic_hash = "680d4368804ad21e46dbe400563beca3ef724711b5432dccce1276ecadc04f2c" score = 70 
@@ -272581,8 +273029,8 @@ rule SIGNATURE_BASE_Webshell_Elmaliseker_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L873-L887" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L873-L887" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b32d1730d23a660fd6aa8e60c3dc549f" logic_hash = "ca300cd142b3c8b820d3b5f5a56eeb834d9acb1d85916b932bd67fb4a25f4ed0" score = 70 @@ -272606,8 +273054,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Remexp date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L888-L902" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L888-L902" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "aa1d8491f4e2894dbdb91eec1abc2244" logic_hash = "7a3b35c4a16f26167180cea81f67de101edabb9b35479f7e5acae7f3fe07f304" score = 70 
@@ -272631,8 +273079,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_List1 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L903-L917" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L903-L917" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8d9e5afa77303c9c01ff34ea4e7f6ca6" logic_hash = "61ecafe477d98c5eb6887a9ff50960fc28b84512d09a36c02588159b08b395a4" score = 70 @@ -272656,8 +273104,8 @@ rule SIGNATURE_BASE_Webshell_Phpkit_1_0_Odd date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L918-L933" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L918-L933" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "594d1b1311bbef38a0eb3d6cbb1ab538" logic_hash = "bf99d6a71b9ef72574d928a09f3a479f2f819287d78c9a5435e45752e76a59bf" score = 70 
@@ -272682,8 +273130,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_123 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L934-L949" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L934-L949" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c691f53e849676cac68a38d692467641" logic_hash = "48925d3a302bf09ecb3f031301ca8afc722c7ef53b87efa27a3c4b58ee15217d" score = 70 @@ -272708,8 +273156,8 @@ rule SIGNATURE_BASE_Webshell_Asp_1 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L950-L964" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L950-L964" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8991148adf5de3b8322ec5d78cb01bdb" logic_hash = "9cae40c8fc3966942a8fc3ee0f5d07081ba2d1c1c3156144488ba64015d6838b" score = 70 
@@ -272733,8 +273181,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Tool date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L965-L980" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L965-L980" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4ab68d38527d5834e9c1ff64407b34fb" logic_hash = "62ba39bac09cb403a47678cd38c519642cc3c20f43c470b828ec448c42e9bb73" score = 70 @@ -272759,8 +273207,8 @@ rule SIGNATURE_BASE_Webshell_Cmd_Win32 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L981-L995" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L981-L995" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cc4d4d6cc9a25984aa9a7583c7def174" logic_hash = "b90ba15b7b2c557f7b2303695b7f1f737f63df06d712c89e0cfea51c7d37e21d" score = 70 
@@ -272784,8 +273232,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Jshell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L996-L1013" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L996-L1013" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "124b22f38aaaf064cef14711b2602c06" logic_hash = "dfe3ac097de4ca406ab7ec967fdc03d1e87c74f84fc675b58438a842d80cccda" score = 70 @@ -272812,8 +273260,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Zehir4 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1014-L1027" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1014-L1027" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7f4e12e159360743ec016273c3b9108c" logic_hash = "aa3e07ee6369dd5f86f28a53c8e45391de718d4935021339a7b47829b5196f54" score = 70 
@@ -272836,8 +273284,8 @@ rule SIGNATURE_BASE_Webshell_Wsb_Idc date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1028-L1042" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1028-L1042" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7c5b1b30196c51f1accbffb80296395f" logic_hash = "f274061f1a02ab65bc574a6586343f74262a463c5200cd2c231a752f54967404" score = 70 @@ -272861,8 +273309,8 @@ rule SIGNATURE_BASE_Webshell_Cpg_143_Incl_Xpl date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1043-L1057" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1043-L1057" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5937b131b67d8e0afdbd589251a5e176" logic_hash = "7c2ce25c33e167761d72331d7c4d4f7cd6029ee0caf6e2008df8b12894faaaf8" score = 70 
@@ -272886,8 +273334,8 @@ rule SIGNATURE_BASE_Webshell_Mumaasp_Com date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1058-L1071" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1058-L1071" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cce32b2e18f5357c85b6d20f564ebd5d" logic_hash = "75e2a056782190e9914264b9e34002faea75a35ab0f97bf1e05dec15432d064c" score = 70 @@ -272910,8 +273358,8 @@ rule SIGNATURE_BASE_Webshell_Php_404 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1072-L1085" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1072-L1085" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ced050df5ca42064056a7ad610a191b3" logic_hash = "3fc928e6edda8fdc4220f57215db61b7fbf8de5b00423b219a173c8ecde40b79" score = 70 
@@ -272934,8 +273382,8 @@ rule SIGNATURE_BASE_Webshell_Webshell_Cnseay_X date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1086-L1099" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1086-L1099" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a0f9f7f5cd405a514a7f3be329f380e5" logic_hash = "59cb8b8a5873b716a25096c7b12f09293a812b63f31fea07d919b9c4d2bc9a19" score = 70 @@ -272958,8 +273406,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Up date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1100-L1114" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1100-L1114" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f775e721cfe85019fe41c34f47c0d67c" logic_hash = "dff2896d2226ade08e74147121a0e0036e8545dfff36b48b5a0771c9c7d537e9" score = 70 
@@ -272983,8 +273431,8 @@ rule SIGNATURE_BASE_Webshell_Phpkit_0_1A_Odd date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1115-L1131" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1115-L1131" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3c30399e7480c09276f412271f60ed01" logic_hash = "745734658ed4000e1399531ae44125f8462ecd37388e6223cfa9bf91dbb52bbc" score = 70 @@ -273010,8 +273458,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Cmd date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1132-L1145" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1132-L1145" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "97af88b478422067f23b001dd06d56a9" logic_hash = "c1353e43876e18f18638a558a29a12d6e82603641fedd81b042adca91fea0d18" score = 70 
@@ -273034,8 +273482,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Shell_X3 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1146-L1161" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1146-L1161" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a2f8fa4cce578fc9c06f8e674b9e63fd" logic_hash = "7361a7eecf345b9c1809294b6b081db8769805ec3e6c656adc4ac87261193683" score = 70 @@ -273060,8 +273508,8 @@ rule SIGNATURE_BASE_Webshell_PHP_G00Nv13 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1162-L1176" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1162-L1176" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "35ad2533192fe8a1a76c3276140db820" logic_hash = "dd9f03a7ad0d2b73f7a8602ab267e0e8e5cb1f9250f9a25c86ded3797df2f8d5" score = 70 
@@ -273085,8 +273533,8 @@ rule SIGNATURE_BASE_Webshell_Php_H6Ss date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1177-L1190" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1177-L1190" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "272dde9a4a7265d6c139287560328cd5" logic_hash = "c4001be111ff271335dd65c15c59da979a8e202bcf58a7f10de7f03644472153" score = 70 @@ -273109,8 +273557,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Zx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1191-L1204" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1191-L1204" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "67627c264db1e54a4720bd6a64721674" logic_hash = "d97df624801d0f24141dfe7074d290a56e639af7d867c907362ff4434c3eeac0" score = 70 
@@ -273133,8 +273581,8 @@ rule SIGNATURE_BASE_Webshell_Ani_Shell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1205-L1220" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1205-L1220" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "889bfc9fbb8ee7832044fc575324d01a" logic_hash = "c8caf8686c36a41b5aae093e88b8872350cf625c59a14389c5df93f284c8f05a" score = 70 @@ -273159,8 +273607,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_K8Cmd date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1221-L1234" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1221-L1234" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b39544415e692a567455ff033a97a682" logic_hash = "e523a5b1118c6f4d5798f130c00466c7945d27a6fbe0d4cb3a40b7f36da2a502" score = 70 
@@ -273183,8 +273631,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Cmd date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1236-L1249" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1236-L1249" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5391c4a8af1ede757ba9d28865e75853" logic_hash = "e48d4e2d14a3605fd9dda03630820a0fb53d893cc4d283739fde11f9ab7d9d1e" score = 70 @@ -273207,8 +273655,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_K81 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1251-L1265" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1251-L1265" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "41efc5c71b6885add9c1d516371bd6af" logic_hash = "f9c6b5bec9313c6fd059055fa18332675838419bba3348bb852b50806f26ccb2" score = 70 
@@ -273232,8 +273680,8 @@ rule SIGNATURE_BASE_Webshell_ASP_Zehir date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1266-L1279" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1266-L1279" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0061d800aee63ccaf41d2d62ec15985d" logic_hash = "90920258017cf189da128dce477e71f0040bc66aefa6f018f64db64d22f60ae5" score = 70 @@ -273257,8 +273705,8 @@ rule SIGNATURE_BASE_Webshell_Worse_Linux_Shell_1 modified = "2025-07-07" old_rule_name = "webshell_Worse_Linux_Shell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1280-L1294" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1280-L1294" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8338c8d9eab10bd38a7116eb534b5fa2" logic_hash = "a24e7ae7c722da7f265f032315b1e8e402c2fc4a2a54a685671a9e52124f6553" score = 70 
@@ -273281,8 +273729,8 @@ rule SIGNATURE_BASE_Webshell_Zacosmall date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1295-L1308" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1295-L1308" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5295ee8dc2f5fd416be442548d68f7a6" logic_hash = "739d58e3ab6712c703e0cb0e0070afec3376844b77ed081a5d12407cabb62319" score = 70 @@ -273305,8 +273753,8 @@ rule SIGNATURE_BASE_Webshell_Liz0Zim_Private_Safe_Mode_Command_Execuriton_Bypass date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1309-L1322" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1309-L1322" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c6eeacbe779518ea78b8f7ed5f63fc11" logic_hash = "9630fc0371193bfbd0bd4fb15856477e7739fc9f11ee539d119ee837b1a54502" score = 70 
@@ -273329,8 +273777,8 @@ rule SIGNATURE_BASE_Webshell_Redirect date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1323-L1336" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1323-L1336" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "97da83c6e3efbba98df270cc70beb8f8" logic_hash = "b16026623fe7802db9823ad4a3dab051747eea6bd41ce72a0c8c6757bfa2c6f7" score = 70 @@ -273353,8 +273801,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Cmdjsp date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1337-L1350" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1337-L1350" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b815611cc39f17f05a73444d699341d4" logic_hash = "b4822e47a27c598be746ac71bf9b60dafe08d50c83a2dfee5e40ea384fcff21a" score = 70 
@@ -273377,8 +273825,8 @@ rule SIGNATURE_BASE_Webshell_Java_Shell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1351-L1365" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1351-L1365" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "36403bc776eb12e8b7cc0eb47c8aac83" logic_hash = "0d313ff81a36b456326df0054853c31d69710fc142fcfa65747691238af4e635" score = 70 @@ -273402,8 +273850,8 @@ rule SIGNATURE_BASE_Webshell_Asp_1D date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1366-L1379" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1366-L1379" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fad7504ca8a55d4453e552621f81563c" logic_hash = "85b17fde8fb535b64e5eabc887428d9b73adc5bc6741a3a387f235a8b0c6089a" score = 70 
@@ -273426,8 +273874,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Ixrbe date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1380-L1393" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1380-L1393" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e26e7e0ebc6e7662e1123452a939e2cd" logic_hash = "8710d092b81c5de1e328ad6e57e5c4a25748cc92844198038c103dabc1e76e77" score = 70 @@ -273450,8 +273898,8 @@ rule SIGNATURE_BASE_Webshell_PHP_G5 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1394-L1407" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1394-L1407" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "95b4a56140a650c74ed2ec36f08d757f" logic_hash = "2edffbea5142ef146cec57cb88b473532f56ab3e95151c5648eaeabe6a75feda" score = 70 
@@ -273474,8 +273922,8 @@ rule SIGNATURE_BASE_Webshell_PHP_R57142 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1408-L1421" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1408-L1421" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0911b6e6b8f4bcb05599b2885a7fe8a8" logic_hash = "3afa0463de3acb12480dba1b2ab9cd53fca88216ba54c5e044e48ebd84bf17bd" score = 70 @@ -273498,8 +273946,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Tree date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1422-L1436" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1422-L1436" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bcdf7bbf7bbfa1ffa4f9a21957dbcdfa" logic_hash = "180aa4572a42d23f3e44589f876356ec973fd64cdd53bac69936b93699888ac2" score = 70 
@@ -273523,8 +273971,8 @@ rule SIGNATURE_BASE_Webshell_C99Madshell_V_3_0_Smowu date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1437-L1451" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1437-L1451" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "74e1e7c7a6798f1663efb42882b85bee" logic_hash = "d84a5c573b89790efdbe67a684feb7db88521027e86b7588f090696fd90cbc87" score = 70 @@ -273548,8 +273996,8 @@ rule SIGNATURE_BASE_Webshell_Simple_Backdoor date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1452-L1467" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1452-L1467" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f091d1b9274c881f8e41b2f96e6b9936" logic_hash = "252285e8a796757235d775427e5a73980d065c1221190545428910a77f46bb9a" score = 70 
@@ -273574,8 +274022,8 @@ rule SIGNATURE_BASE_Webshell_PHP_404 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1468-L1481" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1468-L1481" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "078c55ac475ab9e028f94f879f548bca" logic_hash = "b0524ecddf990048e3e40f471c24075c0e87654c6fe40f17dc3ff43743402e24" score = 70 @@ -273598,8 +274046,8 @@ rule SIGNATURE_BASE_Webshell_Macker_S_Private_Phpshell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1482-L1497" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1482-L1497" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e24cbf0e294da9ac2117dc660d890bb9" logic_hash = "4bccc1aca8698e601133436a55538c08e3e1fa113a0776c04590eaf4a10fd309" score = 70 
@@ -273624,8 +274072,8 @@ rule SIGNATURE_BASE_Webshell_Antichat_Shell_V1_3_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1498-L1511" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1498-L1511" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "40d0abceba125868be7f3f990f031521" logic_hash = "d5a1dc31f442f8db7771ee64164436f6c562ef9f4a203a1e2006d37f9df91846" score = 70 @@ -273648,8 +274096,8 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Breaker date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1512-L1526" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1512-L1526" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5bd07ccb1111950a5b47327946bfa194" logic_hash = "4adcefc05413a02653a2a405791345a1a76058a39f6e2b03765c4485f7c6b106" score = 70 
@@ -273673,8 +274121,8 @@ rule SIGNATURE_BASE_Webshell_Sst_Sheller date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1527-L1541" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1527-L1541" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d93c62a0a042252f7531d8632511ca56" logic_hash = "4faac0b22fec809f2100bad200ba1f9fb9e16fab743e1b1cbfe0b80c6d2fee32" score = 70 @@ -273698,8 +274146,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_List date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1542-L1557" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1542-L1557" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1ea290ff4259dcaeb680cec992738eda" logic_hash = "5641bff0ec161fe72e502641b6138186d541ebfcbf499e0295a61f9f6f085654" score = 70 
@@ -273724,8 +274172,8 @@ rule SIGNATURE_BASE_Webshell_Phpjackal_V1_5 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1558-L1572" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1558-L1572" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d76dc20a4017191216a0315b7286056f" logic_hash = "457bc71cb8e684dafb14b1c5d2faa4366cedce5eba9545493be2b1d49daf98b6" score = 70 @@ -273749,8 +274197,8 @@ rule SIGNATURE_BASE_Webshell_Customize date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1573-L1586" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1573-L1586" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d55578eccad090f30f5d735b8ec530b1" logic_hash = "462d97427793ef6e897b33f4fd02d452ad8cd11ddef21aa25d13efc981eb3afb" score = 70 
@@ -273773,8 +274221,8 @@ rule SIGNATURE_BASE_Webshell_S72_Shell_V1_1_Coding date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1587-L1600" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1587-L1600" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c2e8346a5515c81797af36e7e4a3828e" logic_hash = "fd200d8aa347242546a1da311edc61ceebaec5f7d6b4fe2f49f069b36689f547" score = 70 @@ -273797,8 +274245,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Sys3 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1601-L1616" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1601-L1616" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b3028a854d07674f4d8a9cf2fb6137ec" logic_hash = "14b0ac1b1b8538b0c05dcd0a8b7129fdcad2e595ea00630bd55cee6dff596d4f" score = 70 
@@ -273823,8 +274271,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Guige02 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1617-L1631" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1617-L1631" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a3b8b2280c56eaab777d633535baf21d" logic_hash = "c214e50b209970c03d389d97673901ec44b2727e5c7588e5e4d0a644cc691423" score = 70 @@ -273848,8 +274296,8 @@ rule SIGNATURE_BASE_Webshell_Php_Ghost date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1632-L1647" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1632-L1647" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "38dc8383da0859dca82cf0c943dbf16d" logic_hash = "9a7635d313345e7b7cb7424726ed62015afd78412b504e406155f85c4cdf623f" score = 70 
@@ -273874,8 +274322,8 @@ rule SIGNATURE_BASE_Webshell_Winx_Shell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1648-L1662" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1648-L1662" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "17ab5086aef89d4951fe9b7c7a561dda" logic_hash = "e6dd5178cafccca751dd3f2e36206acd214a65b2e0783a738a104b3dc680ca21" score = 70 @@ -273899,8 +274347,8 @@ rule SIGNATURE_BASE_Webshell_Crystal_Crystal date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1663-L1677" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1663-L1677" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fdbf54d5bf3264eb1c4bff1fac548879" logic_hash = "735332a2ec7df65cca4ca69e702c5893d302a01c7ee7b84d01a1e6ab9646de93" score = 70 
@@ -273924,8 +274372,8 @@ rule SIGNATURE_BASE_Webshell_R57_1_4_0 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1678-L1694" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1678-L1694" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "574f3303e131242568b0caf3de42f325" logic_hash = "cb48621c572d529b8dc634e7b6360257ad4fce9664bfca7ee7c0101be42d2c24" score = 70 @@ -273951,8 +274399,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Ajn date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1696-L1710" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1696-L1710" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "aaafafc5d286f0bff827a931f6378d04" logic_hash = "0a6c9a210c0337d6b984bcf6cd7f14103a0f6f5d38a26c789519c2b1629aaede" score = 70 
@@ -273976,8 +274424,8 @@ rule SIGNATURE_BASE_Webshell_Php_Cmd date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1711-L1726" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1711-L1726" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c38ae5ba61fd84f6bbbab98d89d8a346" logic_hash = "d9a0802f6fd7047ba5477f6bba61c4ac02cabfce06270fdbd8e8e68a693ccf68" score = 70 @@ -274002,8 +274450,8 @@ rule SIGNATURE_BASE_Webshell_Asp_List date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1727-L1741" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1727-L1741" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1cfa493a165eb4b43e6d4cc0f2eab575" logic_hash = "9c8bdeb5992015b26fbee418ed6e6b7c6b0901f26bddf9dc26706c0b63ea9c95" score = 70 
@@ -274027,8 +274475,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Co date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1742-L1756" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1742-L1756" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "62199f5ac721a0cb9b28f465a513874c" logic_hash = "3fab3e97d10b6c56fb7df8bcd520bda318fc127a620c5aafba09cb36ffd6a8df" score = 70 @@ -274052,8 +274500,8 @@ rule SIGNATURE_BASE_Webshell_PHP_150 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1757-L1771" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1757-L1771" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "400c4b0bed5c90f048398e1d268ce4dc" logic_hash = "139e3d6aa3cd2b6a9731a6cc14c921f9fd82ff7ca79d156f1ff6bc544897fb12" score = 70 
@@ -274077,8 +274525,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Cmdjsp_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1772-L1786" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1772-L1786" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1b5ae3649f03784e2a5073fa4d160c8b" logic_hash = "83be82e260adcff9d3d11344c363f6b5da331339ffe78e561cea9ab09b209030" score = 70 @@ -274102,8 +274550,8 @@ rule SIGNATURE_BASE_Webshell_PHP_C37 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1787-L1801" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1787-L1801" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d01144c04e7a46870a8dd823eb2fe5c8" logic_hash = "b93394f4e05cc96c31a8adcb0981aa8b069780893c469b41ece3d3ce92c42251" score = 70 
@@ -274127,8 +274575,8 @@ rule SIGNATURE_BASE_Webshell_PHP_B37 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1802-L1815" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1802-L1815" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0421445303cfd0ec6bc20b3846e30ff0" logic_hash = "ae0cca5723a1e885c26ece5082c24f4c95f0262b8e7baf6db5efde5cfee2cc42" score = 70 @@ -274151,8 +274599,8 @@ rule SIGNATURE_BASE_Webshell_Php_Backdoor date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1816-L1830" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1816-L1830" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2b5cb105c4ea9b5ebc64705b4bd86bf7" logic_hash = "1f754b4d29eb93316183cf904b375ded7ccdae1d2196fe05950c449ed0d690f4" score = 70 
@@ -274176,8 +274624,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Dabao date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1831-L1845" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1831-L1845" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3919b959e3fa7e86d52c2b0a91588d5d" logic_hash = "62cf46dc16a7365d196c2cb8ede8b1380a0877d134d3726d7c777096a4eda942" score = 70 @@ -274201,8 +274649,8 @@ rule SIGNATURE_BASE_Webshell_Php_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1846-L1859" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1846-L1859" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "267c37c3a285a84f541066fc5b3c1747" logic_hash = "bd485c825ae7ac11ff67d109d3c07fb405272a5919e00af39788d1a9c94e754d" score = 70 
@@ -274225,8 +274673,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Cmdasp date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1860-L1874" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1860-L1874" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "57b51418a799d2d016be546f399c2e9b" logic_hash = "4259419b4db8e6a83df6f7d258d41028f7f76b0fd2308eeadb4555066c5a2940" score = 70 @@ -274250,8 +274698,8 @@ rule SIGNATURE_BASE_Webshell_Spjspshell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1875-L1888" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1875-L1888" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d39d51154aaad4ba89947c459a729971" logic_hash = "7926eadd3ffb21de73a63e7a28a525037bf88396ea369599b41ac8c0b0d112ad" score = 70 
@@ -274274,8 +274722,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Action date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1889-L1903" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1889-L1903" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5a7d931094f5570aaf5b7b3b06c3d8c0" logic_hash = "5ea7d074d0fe98cf2514a65231013a374532d6b3aa2487bcc34d4285f558752a" score = 70 @@ -274299,8 +274747,8 @@ rule SIGNATURE_BASE_Webshell_Inderxer date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1904-L1917" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1904-L1917" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9ea82afb8c7070817d4cdf686abe0300" logic_hash = "915f2f38c1ca1321980ac66ebb95b0c46443e0ba64cc4b2014200db43439c85e" score = 70 
@@ -274323,8 +274771,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Rader date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1918-L1932" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1918-L1932" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ad1a362e0a24c4475335e3e891a01731" logic_hash = "b578f3e844cbb361f455e55353fad2f0134ede7c3c468cebad9ae265e6e768b8" score = 70 @@ -274348,8 +274796,8 @@ rule SIGNATURE_BASE_Webshell_C99_Madnet_Smowu date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1933-L1951" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1933-L1951" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3aaa8cad47055ba53190020311b0fb83" logic_hash = "5c4f76bdbe535a899e40c890eb1ea65e070c781fe5dd44cf13d4832cfd6d2e13" score = 70 
@@ -274377,8 +274825,8 @@ rule SIGNATURE_BASE_Webshell_Php_Moon date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1952-L1967" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1952-L1967" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2a2b1b783d3a2fa9a50b1496afa6e356" logic_hash = "4e26dbef647caee19a8707a067c228ba96bd986369e4c87c68964ae42c85b09a" score = 70 @@ -274403,8 +274851,8 @@ rule SIGNATURE_BASE_Webshell_Minupload date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1969-L1983" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1969-L1983" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ec905a1395d176c27f388d202375bdf9" logic_hash = "53dea3ea0e2cf83907273fa7f64b21b40e9a5c8e4aa34e5d46d2762396fa89ce" score = 70 
@@ -274428,8 +274876,8 @@ rule SIGNATURE_BASE_Webshell_ELMALISEKER_Backd00R date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1984-L1998" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1984-L1998" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3aa403e0a42badb2c23d4a54ef43e2f4" logic_hash = "c5eea930dc386c60e60f052c4945c8d6c0125d3500e60794e21d5ea04f226628" score = 70 @@ -274453,8 +274901,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Bug_1_ date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L1999-L2012" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L1999-L2012" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "91c5fae02ab16d51fc5af9354ac2f015" logic_hash = "12b957b7e0d0823721273ab71a19ee62d84a8dc5f584a46691f0e0aef996386e" score = 70 
@@ -274477,8 +274925,8 @@ rule SIGNATURE_BASE_Webshell_Caidao_Shell_Hkmjj date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2013-L2026" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2013-L2026" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e7b994fe9f878154ca18b7cde91ad2d0" logic_hash = "9a25df170ed165fe6528e6b9374ae572bcd26cd2e1f4014c7aa4953122671fac" score = 70 @@ -274501,8 +274949,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Asd date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2027-L2041" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2027-L2041" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a042c2ca64176410236fcc97484ec599" logic_hash = "6620b796b55a67010cd3edebc2ec84c2657717722129ea46288d262cfd1c7e1c" score = 70 
@@ -274526,8 +274974,8 @@ rule SIGNATURE_BASE_Webshell_Metaslsoft date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2043-L2056" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2043-L2056" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "aa328ed1476f4a10c0bcc2dde4461789" logic_hash = "20d938fbe21bcf04f09c6450a9acd5db556e9c9f83149d3cdd098be7a905d5ca" score = 70 @@ -274550,8 +274998,8 @@ rule SIGNATURE_BASE_Webshell_Asp_Ajan date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2057-L2070" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2057-L2070" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b6f468252407efc2318639da22b08af0" logic_hash = "1817786725de61150f1b3ff57597c780323a7f4df1c046cfd473e1918decd7d2" score = 70 
@@ -274574,8 +275022,8 @@ rule SIGNATURE_BASE_Webshell_Config_Myxx_Zend date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2071-L2087" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2071-L2087" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "161dc712f279e73ea8cab4b0298cc2ca3799c6d9107050c4231a81021caed37f" score = 70 quality = 85 @@ -274601,8 +275049,8 @@ rule SIGNATURE_BASE_Webshell_Browser_201_3_Ma_Download date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2088-L2107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2088-L2107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3605e1304fb314c13d6c94d6ac9337731c6ee4fef679444d599cb3ae29023b56" score = 70 quality = 85 
@@ -274631,8 +275079,8 @@ rule SIGNATURE_BASE_Webshell_Itsec_Itsecteam_Shell_Jhn date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2108-L2125" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2108-L2125" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2775d7e47a26e06ea716bdca32a0f768eccf4d269caa3d107b4a78f8684ce741" score = 70 quality = 85 @@ -274659,8 +275107,8 @@ rule SIGNATURE_BASE_Webshell_Ghost_Source_Icesword_Silic date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2126-L2143" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2126-L2143" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "22879d5279866e3c25a5b41a98b44595f191cfcac6489208b0bdb6b7ca7201e5" score = 70 quality = 85 
@@ -274687,8 +275135,8 @@ rule SIGNATURE_BASE_Webshell_Jspspy_Jspspyjdk5_Jspspyjdk51_Luci_Jsp_Spy2009_M_Ma date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2144-L2187" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2144-L2187" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6c61e5ccd4800f0cfd20532ab43f917f39a7367cc09cbe92e5320eb2c97fabf3" score = 70 quality = 85 @@ -274741,8 +275189,8 @@ rule SIGNATURE_BASE_Webshell_2_520_Job_Ma1_Ma4_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2188-L2208" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2188-L2208" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "db76ff42079b20d9e5c40661d7b30206e6bffc828f55daa4dc210662068f8e27" score = 70 quality = 85 
@@ -274772,8 +275220,8 @@ rule SIGNATURE_BASE_Webshell_000_403_807_A_C5_Config_Css_Dm_He1P_Jspspy_Jspspyjd date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2209-L2255" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2209-L2255" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cda47d7967b0f4b2a274ff2196d27d2e108b00917812093bbb3f033a8a1d1c3c" score = 70 quality = 85 @@ -274829,8 +275277,8 @@ rule SIGNATURE_BASE_Webshell_Wso2_5_1_Wso2_5_Wso2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2256-L2273" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2256-L2273" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f2dce52f1b8d2c33cd8478a468383a87f13712dc6e5c9050fea6ede4f0d24cc5" score = 70 quality = 85 
@@ -274857,8 +275305,8 @@ rule SIGNATURE_BASE_Webshell_000_403_C5_Querydong_Spyjsp2010_T00Ls date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2274-L2294" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2274-L2294" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6f507499304a7cf4d14a134a4c0781fed9a94c40fe3257a4168bacdf3910ffec" score = 70 quality = 85 @@ -274888,8 +275336,8 @@ rule SIGNATURE_BASE_Webshell_404_Data_Suiyue date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2295-L2311" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2295-L2311" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7f4ab5dbd2a72574c5d188e14ae98e599359b2d662266fc4c3a39d3d4405c208" score = 70 quality = 85 
@@ -274915,8 +275363,8 @@ rule SIGNATURE_BASE_Webshell_R57Shell_R57Shell127_Sniper_SA_Shell_Egy_Spider_She date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2312-L2337" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2312-L2337" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "04a58352202538d5446f1000c07341ea70434f00403f116233f335213687636e" score = 70 quality = 85 @@ -274951,8 +275399,8 @@ rule SIGNATURE_BASE_Webshell_807_A_Css_Dm_He1P_Jspspy_Xxx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2338-L2376" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2338-L2376" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eb045425a9f519dd7bf028a7795b16b89768682f5850b6a4d45f0991bfeb6431" score = 70 quality = 85 
@@ -275000,8 +275448,8 @@ rule SIGNATURE_BASE_Webshell_201_3_Ma_Download date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2377-L2396" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2377-L2396" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "14eccd07e7bef9d570f75fc4adc204d175dcfbb5b950bdb3e25a65d3c5bb0310" score = 70 quality = 85 @@ -275030,8 +275478,8 @@ rule SIGNATURE_BASE_Webshell_Browser_201_3_400_In_Jfolder_Jfolder01_Jsp_Leo_Ma_W date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2397-L2424" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2397-L2424" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0bf0fd37b542c9362a47180ee03ea28995b48d483f72273e472292a320a3ddee" score = 70 quality = 85 
@@ -275068,8 +275516,8 @@ rule SIGNATURE_BASE_Webshell_Shell_Phpspy_2006_Arabicspy date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2425-L2442" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2425-L2442" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bd9f1ffdbf94dd5a871fc7c3b31d2357e99265d02bfe1c836f82d251053dce7d" score = 70 quality = 85 @@ -275096,8 +275544,8 @@ rule SIGNATURE_BASE_Webshell_In_Jfolder_Jfolder01_Jsp_Leo_Warn date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2443-L2463" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2443-L2463" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "00c3667438a688b990cf1c8bb6db52be7c6d1b36192dece4e8b07edda68f4b72" score = 70 quality = 85 
@@ -275127,8 +275575,8 @@ rule SIGNATURE_BASE_Webshell_2_520_Icesword_Job_Ma1_Ma4_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2464-L2486" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2464-L2486" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "765efb4f776d9ffe5dab1b5decbb60df654e1de9ab8ae7e0437c5c8f717642b9" score = 70 quality = 85 @@ -275160,8 +275608,8 @@ rule SIGNATURE_BASE_Webshell_Phpspy_2005_Full_Phpspy_2005_Lite_PHPSPY date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2487-L2505" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2487-L2505" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "80c8e7b50aea91284a25ffd3a07d8705c24b6a95a58f42ec6043ececcff32dbb" score = 70 quality = 85 
@@ -275189,8 +275637,8 @@ rule SIGNATURE_BASE_Webshell_Shell_Phpspy_2006_Arabicspy_Hkrkoz date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2506-L2523" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2506-L2523" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "228e0a73f14da2957f75ae898fdbcf2386deb366df6ddc312162ab723bac44ba" score = 70 quality = 85 @@ -275217,8 +275665,8 @@ rule SIGNATURE_BASE_Webshell_C99_Shell_Ci_Biz_Was_Here_C100_V_Xxx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2524-L2543" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2524-L2543" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ccc3cb553f7b5d089a43612d48522cc4a66b4a8ab433321ae1a716a8fa57b62c" score = 70 quality = 85 
@@ -275247,8 +275695,8 @@ rule SIGNATURE_BASE_Webshell_2008_2009Lite_2009Mssql date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2544-L2561" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2544-L2561" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ae33048856440e25972aa5483b60e775f50f60a9ef5e77a58edd60eacdcd9ee3" score = 70 quality = 85 @@ -275275,8 +275723,8 @@ rule SIGNATURE_BASE_Webshell_Shell_Phpspy_2005_Full_Phpspy_2005_Lite_Phpspy_2006 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2562-L2583" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2562-L2583" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5da06481cf789e71969a5b54a33bfab41e08a1961cc056604a696203fef48422" score = 70 quality = 85 
@@ -275307,8 +275755,8 @@ rule SIGNATURE_BASE_Webshell_807_Dm_Jspspyjdk5_M_Cofigrue date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2584-L2603" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2584-L2603" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0fc7ac740e147bd3703dac74743b19148aa7bb359cc5f347acf3b0dbe26bf752" score = 70 quality = 85 @@ -275337,8 +275785,8 @@ rule SIGNATURE_BASE_Webshell_Dive_Shell_1_0_Emperor_Hacking_Team_Xxx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2604-L2621" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2604-L2621" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8bf11041a16060fa32431adfe33727863355bae7fec2cf841dcc919092db5c80" score = 70 quality = 85 
@@ -275365,8 +275813,8 @@ rule SIGNATURE_BASE_Webshell_404_Data_In_Jfolder_Jfolder01_Xxx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2622-L2644" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2622-L2644" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "171b811c1b93f99f3070692a91a0462f80d9d52ecf26d7fb7297a8bdd9a4c014" score = 70 quality = 85 @@ -275398,8 +275846,8 @@ rule SIGNATURE_BASE_Webshell_Jsp_Reverse_Jsp_Reverse_Jspbd date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2645-L2663" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2645-L2663" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cd7409bb6ace3044f3d0bf380133c4fe4a7c0c0309f9d800b397439aa95f81fc" score = 50 quality = 85 
@@ -275427,8 +275875,8 @@ rule SIGNATURE_BASE_Webshell_400_In_Jfolder_Jfolder01_Jsp_Leo_Warn_Webshell_Nc date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2664-L2688" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2664-L2688" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "74e31e51f2cb46a042e8591ffb44fe68fb591d202c8171c6afb556eddb381f6f" score = 70 quality = 85 @@ -275462,8 +275910,8 @@ rule SIGNATURE_BASE_Webshell_2_520_Job_Jspwebshell_1_2_Ma1_Ma4_2 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2689-L2711" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2689-L2711" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "49614b2a42210fa134f85fa52c66e12809f2bb9eaf56c17b69d21e5fbfc8888b" score = 70 quality = 85 
@@ -275495,8 +275943,8 @@ rule SIGNATURE_BASE_Webshell_Shell_2008_2009Mssql_Phpspy_2005_Full_Phpspy_2006_A date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2712-L2736" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2712-L2736" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "140af92ab61059649a872bef96b916f2c402fd9891301d4a1ba1f389a45af003" score = 60 quality = 85 @@ -275530,8 +275978,8 @@ rule SIGNATURE_BASE_Webshell_Gfs_Sh_R57Shell_R57Shell127_Sniper_SA_Xxx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2737-L2762" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2737-L2762" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "24d93f9ae5e174873a32abdf8dca6c00f03cbb4c5e2ad531ac7fa34f8fc90794" score = 70 quality = 85 
@@ -275566,8 +276014,8 @@ rule SIGNATURE_BASE_Webshell_Itsec_Phpjackal_Itsecteam_Shell_Jhn date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2763-L2782" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2763-L2782" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c97731c28f59a6fbab2b7882fae171da8d71add73ec92ab6093dec57fcd7207" score = 70 quality = 85 @@ -275596,8 +276044,8 @@ rule SIGNATURE_BASE_Webshell_Shell_Ci_Biz_Was_Here_C100_V_Xxx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2783-L2803" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2783-L2803" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a7841dec442877648a589045849f7f1b80316a30dda5a44ccc4bb626dbd2cdea" score = 70 quality = 85 
@@ -275627,8 +276075,8 @@ rule SIGNATURE_BASE_Webshell_NIX_REMOTE_WEB_SHELL_NIX_REMOTE_WEB_Xxx1 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2804-L2823" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2804-L2823" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "95d25e9dc75a9af91e23b8c53acb384616f5d8a78605200bdb94f016a7f160f6" score = 70 quality = 85 @@ -275657,8 +276105,8 @@ rule SIGNATURE_BASE_Webshell_C99_C99Shell_C99_W4Cking_Shell_Xxx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2824-L2852" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2824-L2852" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "731bbf06208d20874c1d8464472e6a66a2e9b0bc2dc0475783763b99eb70fefa" score = 70 quality = 85 
@@ -275696,8 +276144,8 @@ rule SIGNATURE_BASE_Webshell_2008_2009Mssql_Phpspy_2005_Full_Phpspy_2006_Arabics date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2853-L2875" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2853-L2875" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2d78db4d45a35d6a78d4288e00a382a0937e3806f0570bd353b88955664a47f6" score = 70 quality = 85 @@ -275729,8 +276177,8 @@ rule SIGNATURE_BASE_Webshell_C99_C66_C99_Shadows_Mod_C99Shell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2876-L2898" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2876-L2898" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b50a6124f25bbb6fcc9d16d1de26d833a4b968db8e8033e76f3a74695577017e" score = 70 quality = 85 
@@ -275762,8 +276210,8 @@ rule SIGNATURE_BASE_Webshell_He1P_Jspspy_Nogfw_Ok_Style_1_Jspspy1 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2899-L2922" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2899-L2922" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "522ba5f797e33c27fef3ae8d89889c31799073ed3c770a49401f4d42ead04640" score = 70 quality = 85 @@ -275796,8 +276244,8 @@ rule SIGNATURE_BASE_Webshell_000_403_C5_Config_Myxx_Querydong_Spyjsp2010_Zend date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2923-L2946" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2923-L2946" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7ca710973592718c5455508c5798b3c51dce994d5ebd33aa3a59d1b03c096bdf" score = 70 quality = 85 
@@ -275830,8 +276278,8 @@ rule SIGNATURE_BASE_Webshell_C99_C99Shell_C99_C99Shell date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2947-L2965" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2947-L2965" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b999b1a8307e228fb97772799369e292fb806d614159f2b2abfc7a71c5bdb225" score = 70 quality = 85 @@ -275859,8 +276307,8 @@ rule SIGNATURE_BASE_Webshell_R57Shell127_R57_Ifx_R57_Kartal_R57_Antichat date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2966-L2987" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2966-L2987" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "23887963068f7dd2e4c85b11079276a00786d1a753f22e3b63f01139087a7f4c" score = 70 quality = 85 
@@ -275891,8 +276339,8 @@ rule SIGNATURE_BASE_Webshell_NIX_REMOTE_WEB_SHELL_Nstview_Xxx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L2988-L3007" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L2988-L3007" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b10e89c6b1851f88a2bbb9116969ea3770366c162b911cb8a2c3a033da3a46bc" score = 70 quality = 85 @@ -275921,8 +276369,8 @@ rule SIGNATURE_BASE_Webshell_000_403_807_A_C5_Config_Css_Dm_He1P_Xxx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3008-L3058" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3008-L3058" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "46eede3a1af29e344ed5107fc0af4bd13cd1492bff340d61063911bbb474e7b3" score = 70 quality = 85 
@@ -275982,8 +276430,8 @@ rule SIGNATURE_BASE_Webshell_2_520_Icesword_Job_Ma1 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3059-L3079" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3059-L3079" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "795eb586310d87a3c6b53117bf2c8cbcfadcb177f5a5129c17fd21f0b64c385c" score = 70 quality = 85 @@ -276013,8 +276461,8 @@ rule SIGNATURE_BASE_Webshell_404_Data_In_Jfolder_Jfolder01_Jsp_Suiyue_Warn date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3080-L3104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3080-L3104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5e0da29499d76539fb1f5cfbe0a00331eeb0bb8fa861f2e2d686130ee4939fac" score = 70 quality = 85 
@@ -276048,8 +276496,8 @@ rule SIGNATURE_BASE_Webshell_Phpspy_2005_Full_Phpspy_2005_Lite_Phpspy_2006_PHPSP date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3106-L3126" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3106-L3126" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fc47a50c5964574fb9b9caf3fb94041f028998577bf4ccf21884a41fa1876572" score = 70 quality = 85 @@ -276079,8 +276527,8 @@ rule SIGNATURE_BASE_Webshell_C99_Locus7S_C99_W4Cking_Xxx date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3127-L3156" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3127-L3156" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4afadac41e729f77711eb3ea3ee8f6e8ce61e19294e90db024e5334e214d9647" score = 70 quality = 85 
@@ -276119,8 +276567,8 @@ rule SIGNATURE_BASE_Webshell_Browser_201_3_Ma_Ma2_Download date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3157-L3178" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3157-L3178" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3b8bb6ca2eb146f8c170d629612ba12d4663445d443b681f2859af25d50ab6fe" score = 70 quality = 85 @@ -276151,8 +276599,8 @@ rule SIGNATURE_BASE_Webshell_000_403_C5_Querydong_Spyjsp2010 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3179-L3200" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3179-L3200" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dd01bb059d741fedaee17d46355c7cd8a845d714b20ae37db36424544b954d2f" score = 70 quality = 85 
@@ -276183,8 +276631,8 @@ rule SIGNATURE_BASE_Webshell_R57Shell127_R57_Kartal_R57 date = "2014-01-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3201-L3219" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3201-L3219" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fd849f76f8348ee57a9c96eed91c8cac416fdc45a08c93e93ebc952375de27a3" score = 70 quality = 85 @@ -276212,8 +276660,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Con2 date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3221-L3235" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3221-L3235" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d3584159ab299d546bd77c9654932ae3" logic_hash = "c681b04a1ee4d6af3275b6d772ef35f8bc888a5fcaf3b84f29f77c264e8ad9b9" score = 70 
@@ -276237,8 +276685,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Make2 date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3236-L3249" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3236-L3249" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9af195491101e0816a263c106e4c145e" logic_hash = "7c94c925b5fd7fbc37428c21a9ea3c5a73f4fa0a20a1f5d03f0d5a990bd6f45a" score = 50 @@ -276261,8 +276709,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Aaa date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3250-L3265" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3250-L3265" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "68483788ab171a155db5266310c852b2" logic_hash = "3c5b9dd86dc790b03a8540b2fb3a717c5ad17d34f366a319faa127479387eed9" score = 70 
@@ -276287,8 +276735,8 @@ rule SIGNATURE_BASE_Webshell_Expdoor_Com_ASP date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3266-L3283" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3266-L3283" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "caef01bb8906d909f24d1fa109ea18a7" logic_hash = "838edb9d718b5e1a8be155c4569b4a291b37337e71b435c2b1cd6bcaa53c0dea" score = 70 @@ -276315,8 +276763,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php2 date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3284-L3297" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3284-L3297" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fbf2e76e6f897f6f42b896c855069276" logic_hash = "0350df076a25af77fbd8d5db2b38438a10cd5b9237b23b2f64c6360607b41982" score = 70 
@@ -276339,8 +276787,8 @@ rule SIGNATURE_BASE_Webshell_Bypass_Iisuser_P date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3298-L3311" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3298-L3311" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "924d294400a64fa888a79316fb3ccd90" logic_hash = "60d0609291e5def26ce949c903ac767db4157b4f9cf4eee315c69ee7a8d8e77b" score = 70 @@ -276363,8 +276811,8 @@ rule SIGNATURE_BASE_Webshell_Sig_404Super date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3312-L3330" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3312-L3330" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7ed63176226f83d36dce47ce82507b28" logic_hash = "01ecffc6bca2acf1ea4f4d965f3513f7b08ee3d5abbda29d53081f2931ecf9e9" score = 70 
@@ -276392,8 +276840,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_JSP date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3331-L3346" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3331-L3346" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "495f1a0a4c82f986f4bdf51ae1898ee7" logic_hash = "bcb2f5d16ff3cc1454bf4653defe037e02a9228a5b7cf7428b1a577f4207c3c8" score = 70 @@ -276418,8 +276866,8 @@ rule SIGNATURE_BASE_Webshell_Webshell_123 date = "2014-03-28" modified = "2023-01-27" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3347-L3364" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3347-L3364" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2782bb170acaed3829ea9a04f0ac7218" logic_hash = "1caccadf2bd7d265f9b5026c82acc31ade95313d57382651004db8b5e361312d" score = 70 
@@ -276445,8 +276893,8 @@ rule SIGNATURE_BASE_Webshell_Dev_Core date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3365-L3383" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3365-L3383" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "55ad9309b006884f660c41e53150fc2e" logic_hash = "b3c7a9bdaa7e5bf76df9ffba94157777c32199edeaa1c8745e9400d138abc267" score = 70 @@ -276474,8 +276922,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3384-L3401" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3384-L3401" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b0e842bdf83396c3ef8c71ff94e64167" logic_hash = "a943f3b0d1d56194e250c7cf3e05b2bfec7b29f91ef56085d645efa3fe8995c9" score = 70 
@@ -276502,8 +276950,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Pppp date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3402-L3417" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3402-L3417" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cf01cb6e09ee594545693c5d327bdd50" logic_hash = "bd09fc2ec88bea83b16e63afafa3d5f74f119a81046a663322f5b396b48da135" score = 70 @@ -276528,8 +276976,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Code date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3418-L3435" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3418-L3435" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a444014c134ff24c0be5a05c02b81a79" logic_hash = "5ae053a9afc1f720c56304c434cd89861e1df4060b7d813921e7f85978227020" score = 70 
@@ -276556,8 +277004,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Jspyyy date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3436-L3449" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3436-L3449" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b291bf3ccc9dac8b5c7e1739b8fa742e" logic_hash = "0afe45556aa7b562672cc4b609cf001aaa617b03028322abac6524f666b069e1" score = 70 @@ -276580,8 +277028,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Xxxx date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3450-L3463" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3450-L3463" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5bcba70b2137375225d8eedcde2c0ebb" logic_hash = "e14cc1eaf357389ca58193c77ce2f54774aebb42be9df15f12415df356c7ed42" score = 70 
@@ -276604,8 +277052,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Jjjsp3 date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3464-L3477" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3464-L3477" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "949ffee1e07a1269df7c69b9722d293e" logic_hash = "44889540effa2f71889e7f6d0c5d12486e256d83b9230c4902d56f6a59b7939b" score = 70 @@ -276628,8 +277076,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_PHP1 date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3478-L3493" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3478-L3493" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "14c7281fdaf2ae004ca5fec8753ce3cb" logic_hash = "1c5eb355455c7fbd2b74d91f78e1d77f460dfeb4fe0ee65f18aa1453337b67a0" score = 70 
@@ -276654,8 +277102,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Jjjsp2 date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3494-L3510" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3494-L3510" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5a9fec45236768069c99f0bfd566d754" logic_hash = "47dca67c7a01035996d032cb3871da5532aea81ab6570c93c4a6b148fd95e9f9" score = 70 @@ -276681,8 +277129,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Radhat date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3511-L3524" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3511-L3524" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "72cb5ef226834ed791144abaa0acdfd4" logic_hash = "28d4d380b25da05a3be439bad72725fa49c947535dfeb5c24994a849c0592b81" score = 70 
@@ -276705,8 +277153,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Asp1 date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3525-L3539" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3525-L3539" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b63e708cd58ae1ec85cf784060b69cad" logic_hash = "6c76c5388825e29d333096d4cfa3782b7776f31b206a0ed5a8809428d698778b" score = 70 @@ -276730,8 +277178,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php6 date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3540-L3555" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3540-L3555" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ea75280224a735f1e445d244acdfeb7b" logic_hash = "495dc6c6769b8605ea946c012ad0ebb54685e7e91afd383027640753d90c6b3f" score = 70 
@@ -276756,8 +277204,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Xxx date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3556-L3569" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3556-L3569" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0e71428fe68b39b70adb6aeedf260ca0" logic_hash = "837ed266af8a65ac683be39c32509df34bc8041b336a71c12700ca73bf210b4d" score = 70 @@ -276780,8 +277228,8 @@ rule SIGNATURE_BASE_Webshell_Getpostphp date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3570-L3583" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3570-L3583" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "20ede5b8182d952728d594e6f2bb5c76" logic_hash = "e75f66200593c3fdaadf1881235847f6c3f3caadcb7ffe13e8b01bce5f922702" score = 70 
@@ -276804,8 +277252,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Php5 date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3584-L3597" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3584-L3597" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cf2ab009cbd2576a806bfefb74906fdf" logic_hash = "280be378bc6cf52ef9454083180015ed00f9d0bc936620a4105c34c3a3002383" score = 70 @@ -276828,8 +277276,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_PHP date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3598-L3615" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3598-L3615" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a524e7ae8d71e37d2fd3e5fbdab405ea" logic_hash = "706f835f63e153f907ae8a5a48f1dc4b9d3b8511b21b7155bc045b0ebdc893fc" score = 70 
@@ -276856,8 +277304,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_New_Asp date = "2014-03-28" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3616-L3631" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3616-L3631" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "32c87744ea404d0ea0debd55915010b7" logic_hash = "dd2e9f753e8fa781c28c2d5bb9336bb3f39ed8a496bd89eb54bc1812ef512ab5" score = 70 @@ -276882,8 +277330,8 @@ rule SIGNATURE_BASE_Perlbot_Pl date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3635-L3646" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3635-L3646" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7e4deb9884ffffa5d82c22f8dc533a45" logic_hash = "784980d620e71fb0cf5aed9ef8bd171a8f50d850bc782645575070b75c42e426" score = 75 
@@ -276906,8 +277354,8 @@ rule SIGNATURE_BASE_Php_Backdoor_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3647-L3659" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3647-L3659" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2b5cb105c4ea9b5ebc64705b4bd86bf7" logic_hash = "acab82b40760b45d49da51953f78c69166955de54918634c9bfe394208cdbb56" score = 75 @@ -276931,8 +277379,8 @@ rule SIGNATURE_BASE_Liz0Zim_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit_ date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3660-L3672" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3660-L3672" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c6eeacbe779518ea78b8f7ed5f63fc11" logic_hash = "a0606dad4474579354709fe6306d15427afc4dec8ad6760a0ee9e91c86c23e4d" score = 75 
@@ -276956,8 +277404,8 @@ rule SIGNATURE_BASE_Nshell__1__Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3673-L3684" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3673-L3684" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "973fc89694097a41e684b43a21b1b099" logic_hash = "53c7cd24c4eddbded1b4c16fd2758bdf66c0bbe396e487a56d56fc053cf3cc1a" score = 75 @@ -276980,8 +277428,8 @@ rule SIGNATURE_BASE_Shankar_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3685-L3697" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3685-L3697" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6eb9db6a3974e511b7951b8f7e7136bb" logic_hash = "58b365206c18b8394cf1e03b71b8e47be10bc933bc2c05b7b03b7dad94f6d6b8" score = 75 
@@ -277005,8 +277453,8 @@ rule SIGNATURE_BASE_Casus15_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3698-L3710" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3698-L3710" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5e2ede2d1c4fa1fcc3cbfe0c005d7b13" logic_hash = "6ee7a07163d33ca329d3be2084406629711db14db4605e8413ee963eb0f9d5a7" score = 75 @@ -277030,8 +277478,8 @@ rule SIGNATURE_BASE_Small_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3711-L3723" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3711-L3723" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fcee6226d09d150bfa5f103bee61fbde" logic_hash = "e0444aa604e8956d423037b70b9476f5653503055d0f1bc875d43de144ce5c44" score = 75 
@@ -277055,8 +277503,8 @@ rule SIGNATURE_BASE_Shellbot_Pl date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3724-L3738" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3724-L3738" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b2a883bc3c03a35cfd020dd2ace4bab8" logic_hash = "5db224e4fe8608bb53f044ca6c0361dc66cadd58c6d4ea5ab4f8ae14ebde0e6e" score = 75 @@ -277082,8 +277530,8 @@ rule SIGNATURE_BASE_Fuckphpshell_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3739-L3752" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3739-L3752" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "554e50c1265bb0934fcc8247ec3b9052" logic_hash = "0c993960b4ca880b818c7b7ba726479ed1c64c46ef8ca82d3c990d69ebe43f42" score = 75 
@@ -277108,8 +277556,8 @@ rule SIGNATURE_BASE_Ngh_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3753-L3767" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3753-L3767" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c372b725419cdfd3f8a6371cfeebc2fd" logic_hash = "c794b216bafdaecf5bd138cc8c7552efbb8c3c571a441489d02a19793a4c294f" score = 75 @@ -277135,8 +277583,8 @@ rule SIGNATURE_BASE_Jsp_Reverse_Jsp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3768-L3780" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3768-L3780" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8b0e6779f25a17f0ffb3df14122ba594" logic_hash = "bdd2db4c032b25faaaf3a3a8e769000013f643ecfcb8b0374165a244ad2162a6" score = 75 
@@ -277160,8 +277608,8 @@ rule SIGNATURE_BASE_Tool_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3781-L3794" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3781-L3794" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8febea6ca6051ae5e2ad4c78f4b9c1f2" logic_hash = "d6bd782302b2c614fc572babb3825c0e1fcd0de5841ca8541ca27580ccc274d4" score = 75 @@ -277186,8 +277634,8 @@ rule SIGNATURE_BASE_NT_Addy_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3795-L3807" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3795-L3807" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2e0d1bae844c9a8e6e351297d77a1fec" logic_hash = "0fc61d5e276786b8be822712cdcfc81146998e535532e44d3da92e0668713a48" score = 75 
@@ -277211,8 +277659,8 @@ rule SIGNATURE_BASE_Simattacker___Vrsion_1_0_0___Priv8_4_My_Friend_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3808-L3820" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3808-L3820" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "089ff24d978aeff2b4b2869f0c7d38a3" logic_hash = "46bc4063d06b4af3e4e61e1e998d489e974e76f17363c9777b8afc39ff21f698" score = 75 @@ -277236,8 +277684,8 @@ rule SIGNATURE_BASE_Remexp_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3821-L3833" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3821-L3833" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "aa1d8491f4e2894dbdb91eec1abc2244" logic_hash = "c7da9908a0252e95b47dbc8fbb36aeac1661dc464123aaca036bd51047a31584" score = 75 
@@ -277261,8 +277709,8 @@ rule SIGNATURE_BASE_Phvayvv_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3834-L3846" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3834-L3846" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "35fb37f3c806718545d97c6559abd262" logic_hash = "503a69a7e2c30cc82eba430082627bb93c459a95f675b968126bf4524c598863" score = 75 @@ -277286,8 +277734,8 @@ rule SIGNATURE_BASE_Klasvayv_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3847-L3860" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3847-L3860" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2b3e64bf8462fc3d008a3d1012da64ef" logic_hash = "eb1b11e02b075a4e7d28b77cf91ad596a85e4c697a36304ee177d46735965e75" score = 75 
@@ -277312,8 +277760,8 @@ rule SIGNATURE_BASE_R57Shell_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3861-L3874" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3861-L3874" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d28445de424594a5f14d0fe2a7c4e94f" logic_hash = "658eec4f3c463ec1a480bcb7ba995b8d81d1fb846832e569751d9f505f0fa87e" score = 75 @@ -277338,8 +277786,8 @@ rule SIGNATURE_BASE_Rst_Sql_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3875-L3888" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3875-L3888" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0961641a4ab2b8cb4d2beca593a92010" logic_hash = "d15cf69d9ad8683d2ac1ff09b08b0b26ecaf35df8e45bbd5c3a02c393f88cb34" score = 75 
@@ -277364,8 +277812,8 @@ rule SIGNATURE_BASE_Wh_Bindshell_Py date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3889-L3901" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3889-L3901" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fab20902862736e24aaae275af5e049c" logic_hash = "e38a4f5c23371705f9bbf2db8e65d68074554edc1022576166e76d40e06bc039" score = 75 @@ -277389,8 +277837,8 @@ rule SIGNATURE_BASE_Lurm_Safemod_On_Cgi date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3902-L3914" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3902-L3914" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5ea4f901ce1abdf20870c214b3231db3" logic_hash = "d308ad6cda92fa437b9a4c46cd1b97fb0138aa8d0010256bda56a64ced1c7875" score = 75 
@@ -277414,8 +277862,8 @@ rule SIGNATURE_BASE_C99Madshell_V2_0_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3915-L3925" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3915-L3925" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d27292895da9afa5b60b9d3014f39294" logic_hash = "07922511d9dfdd32f6b1f47479fca2063b773024a20dcab6f5cf4d56d66c3397" score = 75 @@ -277437,8 +277885,8 @@ rule SIGNATURE_BASE_Backupsql_Php_Often_With_C99Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3926-L3937" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3926-L3937" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ab1a06ab1a1fe94e3f3b7f80eedbc12f" logic_hash = "7c64e3d4e5815859c51f05cb376f72ea266b31193f3f4588526005e167ebabad" score = 75 
@@ -277461,8 +277909,8 @@ rule SIGNATURE_BASE_Uploader_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3938-L3950" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3938-L3950" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0b53b67bb3b004a8681e1458dd1895d0" logic_hash = "6e6ffc4cad2a956cb2b6667928bac5996cf95cd36f43ba789144c46726471f07" score = 75 @@ -277486,8 +277934,8 @@ rule SIGNATURE_BASE_Telnet_Pl date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3951-L3962" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3951-L3962" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dd9dba14383064e219e29396e242c1ec" logic_hash = "2d1abc52fc70ce664a19e49e6fa4175bc8d8785dee332d5273323479d9628a8c" score = 75 
@@ -277510,8 +277958,8 @@ rule SIGNATURE_BASE_W3D_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3963-L3975" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3963-L3975" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "987f66b29bfb209a0b4f097f84f57c3b" logic_hash = "33f948a1ae4474daddd788df84fa8baabf4390ec242cad9a6a51dac0152d3b75" score = 75 @@ -277535,8 +277983,8 @@ rule SIGNATURE_BASE_Webshell_Cgi date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3976-L3987" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3976-L3987" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bc486c2e00b5fc3e4e783557a2441e6f" logic_hash = "8908ced96284de6b6d5ae693ba54c49a6333bbe5780d951cbacc91b4dde027df" score = 75 
@@ -277559,8 +278007,8 @@ rule SIGNATURE_BASE_Winx_Shell_Html date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L3988-L4000" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L3988-L4000" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "17ab5086aef89d4951fe9b7c7a561dda" logic_hash = "4248f807d66990946523ba7b92d795c2c40429182389d9bf3f4a972e246b50c6" score = 75 @@ -277584,8 +278032,8 @@ rule SIGNATURE_BASE_Dx_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4001-L4013" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4001-L4013" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9cfe372d49fe8bf2fac8e1c534153d9b" logic_hash = "ab43ddcf317eb4db890ca9750dc6bbc19b06b806339a67c82216df02bc2e8446" score = 75 
@@ -277609,8 +278057,8 @@ rule SIGNATURE_BASE_Csh_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4014-L4027" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4014-L4027" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "194a9d3f3eac8bc56d9a7c55c016af96" logic_hash = "2a74e06a9fd59d7a577041b49403738904239fb011f9bfe2fb665165991b9c98" score = 75 @@ -277635,8 +278083,8 @@ rule SIGNATURE_BASE_Phpinj_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4028-L4040" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4028-L4040" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d7a4b0df45d34888d5a09f745e85733f" logic_hash = "5d39fd31cdaae7765267ce8a35a2fdcf86e7f0de40d4f303fb0f219c0fc04e40" score = 75 
@@ -277660,8 +278108,8 @@ rule SIGNATURE_BASE_Sig_2008_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4041-L4054" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4041-L4054" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3e4ba470d4c38765e4b16ed930facf2c" logic_hash = "a437dc3dc836e93c7a691f7a000c4a4ae574ba95b3a216394ba42538beb9c0f7" score = 75 @@ -277686,8 +278134,8 @@ rule SIGNATURE_BASE_Ak74Shell_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4055-L4067" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4055-L4067" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7f83adcb4c1111653d30c6427a94f66f" logic_hash = "64eb7e72679fc9ee81af6f46d0ab604357710716b93b1ddfaebc5596c968fce8" score = 75 
@@ -277711,8 +278159,8 @@ rule SIGNATURE_BASE_Rem_View_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4068-L4080" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4068-L4080" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "29420106d9a81553ef0d1ca72b9934d9" logic_hash = "bcd5c86e793748ffe0ce4415ee68101e8183e1f97477b49843938d254f08695a" score = 75 @@ -277736,8 +278184,8 @@ rule SIGNATURE_BASE_Java_Shell_Js date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4081-L4093" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4081-L4093" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "36403bc776eb12e8b7cc0eb47c8aac83" logic_hash = "f312298ac30ab57b21222a529b1566b9a66909806e4bc88120ac3992cfd3c6fb" score = 75 
@@ -277761,8 +278209,8 @@ rule SIGNATURE_BASE_STNC_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4094-L4107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4094-L4107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2e56cfd5b5014cbbf1c1e3f082531815" logic_hash = "b4118dc45ac109bde1cafda24cc103370db57c1993690f450cff828c1633af3c" score = 75 @@ -277787,8 +278235,8 @@ rule SIGNATURE_BASE_Azrailphp_V1_0_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4108-L4120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4108-L4120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "26b2d3943395682e36da06ed493a3715" logic_hash = "4385f294e59b644fe86d8380db4f7926924eb744ad80735b78ef778d2f7e8ae0" score = 75 
@@ -277812,8 +278260,8 @@ rule SIGNATURE_BASE_Moroccan_Spamers_Ma_Edition_By_Ghost_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4121-L4133" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4121-L4133" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d1b7b311a7ffffebf51437d7cd97dc65" logic_hash = "e755e4ea467861e5217d532b161bf4c582ff71aa1e4720dfa4b75d6e8d7629d8" score = 75 @@ -277837,8 +278285,8 @@ rule SIGNATURE_BASE_Zacosmall_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4134-L4146" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4134-L4146" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5295ee8dc2f5fd416be442548d68f7a6" logic_hash = "5a2125fc447344f8cc708503d9e4dd82f9b873e40ded497ef9e01974d08bf043" score = 75 
@@ -277862,8 +278310,8 @@ rule SIGNATURE_BASE_Cmdasp_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4147-L4160" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4147-L4160" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "64f24f09ec6efaa904e2492dffc518b9" logic_hash = "95dc25ecd47b43edbd7e7e36966377aa09da769aff2bc1c33a7df87989611bfa" score = 75 @@ -277888,8 +278336,8 @@ rule SIGNATURE_BASE_Simple_Backdoor_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4161-L4173" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4161-L4173" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f091d1b9274c881f8e41b2f96e6b9936" logic_hash = "e2e98580b59727313de298fab0009704f621b1b6556220d5065118d960f7a068" score = 75 
@@ -277913,8 +278361,8 @@ rule SIGNATURE_BASE_Mysql_Shell_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4174-L4186" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4174-L4186" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d42aec2891214cace99b3eb9f3e21a63" logic_hash = "dbd825e1056c41efaf80c0495ba7b6cf1c88403b997ea7ac1378512a19f7ed8a" score = 75 @@ -277938,8 +278386,8 @@ rule SIGNATURE_BASE_Dive_Shell_1_0___Emperor_Hacking_Team_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4187-L4200" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4187-L4200" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1b5102bdc41a7bc439eea8f0010310a5" logic_hash = "bd51b625359799178ad3c8e02ba5bb5fca89e6e14769b86dd35c2b8a1049599f" score = 75 
@@ -277964,8 +278412,8 @@ rule SIGNATURE_BASE_Asmodeus_V0_1_Pl date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4201-L4214" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4201-L4214" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0978b672db0657103c79505df69cb4bb" logic_hash = "be0130c9d2a5d29e6ef8749b0058c96c2ca1ecb9823fd14a8a2c82978cf3d104" score = 75 @@ -277990,8 +278438,8 @@ rule SIGNATURE_BASE_Backup_Php_Often_With_C99Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4215-L4227" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4215-L4227" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "aeee3bae226ad57baf4be8745c3f6094" logic_hash = "e27d00ebfbac2565568b9a97552a331db91b4e9aa318febb048937f5c3a1a1ba" score = 75 
@@ -278015,8 +278463,8 @@ rule SIGNATURE_BASE_Reader_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4228-L4240" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4228-L4240" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ad1a362e0a24c4475335e3e891a01731" logic_hash = "ec0dc3b050d84e852e0c18bd00961f109d3506fa7f2e8656448bd5edd28d9305" score = 75 @@ -278040,8 +278488,8 @@ rule SIGNATURE_BASE_Phpshell17_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4241-L4253" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4241-L4253" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9a928d741d12ea08a624ee9ed5a8c39d" logic_hash = "a9306747a5c9756f393c61562ed4a601c75c3a9491ad19a7b7dbae1fbd505e9a" score = 75 
@@ -278065,8 +278513,8 @@ rule SIGNATURE_BASE_Myshell_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4254-L4266" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4254-L4266" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "62783d1db52d05b1b6ae2403a7044490" logic_hash = "dd7b0fa637a8317986de0c2312b4b552f1110fb5a64590a9a21c854e5985fbb6" score = 75 @@ -278090,8 +278538,8 @@ rule SIGNATURE_BASE_Simshell_1_0___Simorgh_Security_MGZ_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4267-L4280" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4267-L4280" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "37cb1db26b1b0161a4bf678a6b4565bd" logic_hash = "590a1572877fafcd4425a04c12cd56194f03a63b7acad93c39d4b16dc5a1902d" score = 75 
@@ -278116,8 +278564,8 @@ rule SIGNATURE_BASE_Jspshall_Jsp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4281-L4293" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4281-L4293" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "efe0f6edaa512c4e1fdca4eeda77b7ee" logic_hash = "94c458d3f38ba21348b0202e2b81bbbc3859e97d64f101a9ea7ec6f036e38bc5" score = 75 @@ -278141,8 +278589,8 @@ rule SIGNATURE_BASE_Webshell_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4294-L4305" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4294-L4305" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e425241b928e992bde43dd65180a4894" logic_hash = "7b0f4f4afde7dcb44c9d877a72c961f3666278ce28a24ae8068cfbc32639e307" score = 75 
@@ -278165,8 +278613,8 @@ rule SIGNATURE_BASE_Rootshell_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4306-L4319" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4306-L4319" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "265f3319075536030e59ba2f9ef3eac6" logic_hash = "f836dd1825dc84212d32a034c0dde45d60ccd1eb667018abb60d671b61192666" score = 75 @@ -278191,8 +278639,8 @@ rule SIGNATURE_BASE_Connectback2_Pl date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4320-L4332" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4320-L4332" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "473b7d226ea6ebaacc24504bd740822e" logic_hash = "7316c93f12dbbf6d0235601d8be88c199e37955507925222d00041d0ceaf01c7" score = 75 
@@ -278216,8 +278664,8 @@ rule SIGNATURE_BASE_Defacekeeper_0_2_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4333-L4345" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4333-L4345" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "713c54c3da3031bc614a8a55dccd7e7f" logic_hash = "0ee3fed3441e9561867508e324d7a6b1808a8923513bf1c9b82f8238224c994c" score = 75 @@ -278241,8 +278689,8 @@ rule SIGNATURE_BASE_Shells_PHP_Wso date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4346-L4357" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4346-L4357" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "33e2891c13b78328da9062fbfcf898b6" logic_hash = "31ef69228b66b30300006f63b1e4d6e92c2512caca4bd915d418b48564b39c47" score = 75 
@@ -278265,8 +278713,8 @@ rule SIGNATURE_BASE_Backdoor1_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4358-L4370" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4358-L4370" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e1adda1f866367f52de001257b4d6c98" logic_hash = "7c8840dc91c16b9fa19fee16e0159a7f13db23c96596e18da0cdab07931ce35b" score = 75 @@ -278290,8 +278738,8 @@ rule SIGNATURE_BASE_Elmaliseker_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4371-L4384" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4371-L4384" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b32d1730d23a660fd6aa8e60c3dc549f" logic_hash = "969f0f12449375a9ebbb8a68fd4b3db395927416d5cceccdb7f2c64310430880" score = 75 
@@ -278316,8 +278764,8 @@ rule SIGNATURE_BASE_Indexer_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4385-L4396" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4385-L4396" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9ea82afb8c7070817d4cdf686abe0300" logic_hash = "0a51f15bfb4289dcb70e1e0b96d100be12901ebf26ed9c0e543eda5f4aa91f1c" score = 75 @@ -278340,8 +278788,8 @@ rule SIGNATURE_BASE_Dxshell_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4397-L4408" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4397-L4408" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "33a2b31810178f4c2e71fbdeb4899244" logic_hash = "821f9295eba6119ad08349e769d1909cd7836b4e35795915e94095cf715dc6e5" score = 75 
@@ -278364,8 +278812,8 @@ rule SIGNATURE_BASE_S72_Shell_V1_1_Coding_Html date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4409-L4421" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4409-L4421" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c2e8346a5515c81797af36e7e4a3828e" logic_hash = "aef8840b72e5c435c11150007d6b3af2943126fefdc6df343d0f73755340e260" score = 75 @@ -278389,8 +278837,8 @@ rule SIGNATURE_BASE_Kacak_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4422-L4435" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4422-L4435" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "907d95d46785db21331a0324972dda8c" logic_hash = "8542a3985dff2d1eb42f4d2c9f30405a4817a8e30075225c518ec52381f1f7df" score = 75 
@@ -278415,8 +278863,8 @@ rule SIGNATURE_BASE_PHP_Backdoor_Connect_Pl_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4436-L4448" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4436-L4448" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "57fcd9560dac244aeaf95fd606621900" logic_hash = "b141546f45767884f9c8b1cc4c09ea25f90c0f3a3633bfeecad78b60e7f20306" score = 75 @@ -278440,8 +278888,8 @@ rule SIGNATURE_BASE_Antichat_Socks5_Server_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4449-L4461" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4449-L4461" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cbe9eafbc4d86842a61a54d98e5b61f1" logic_hash = "d6b203561f95f431b3d2c241011ae08c05619d45c5900a28137481c029e8297e" score = 75 
@@ -278465,8 +278913,8 @@ rule SIGNATURE_BASE_Antichat_Shell_V1_3_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4462-L4474" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4462-L4474" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "40d0abceba125868be7f3f990f031521" logic_hash = "566c324f3bf44ce9f32ddad82a8d3daa87a8a75b5ca0c8286bc912a8ae4ac8e9" score = 75 @@ -278490,8 +278938,8 @@ rule SIGNATURE_BASE_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4475-L4487" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4475-L4487" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "49ad9117c96419c35987aaa7e2230f63" logic_hash = "d6d2a3999f2e8ceb70f57697c0a845edbbcfce0aba151ec6a0ac23f55265cd47" score = 75 
@@ -278515,8 +278963,8 @@ rule SIGNATURE_BASE_Mysql_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4488-L4500" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4488-L4500" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "12bbdf6ef403720442a47a3cc730d034" logic_hash = "60e235310f378698ffcc3ae6a07ab5dd94a660ca4b1504cc878d9741f751d5d1" score = 75 @@ -278540,8 +278988,8 @@ rule SIGNATURE_BASE_Worse_Linux_Shell_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4501-L4512" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4501-L4512" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8338c8d9eab10bd38a7116eb534b5fa2" logic_hash = "47801296b700e85f9e08857eb06f845ef8ed3f88b7d0de34d4b7c47cef6cc7fb" score = 75 
@@ -278564,8 +279012,8 @@ rule SIGNATURE_BASE_Cyberlords_Sql_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4513-L4526" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4513-L4526" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "03b06b4183cb9947ccda2c3d636406d4" logic_hash = "b3286f9fd86c90c5afc79801b6d65c9ae52ee1c37da93ff15461d84f37ef8019" score = 75 @@ -278590,8 +279038,8 @@ rule SIGNATURE_BASE_Cmd_Asp_5_1_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4527-L4538" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4527-L4538" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8baa99666bf3734cbdfdd10088e0cd9f" logic_hash = "a41c83da1a65e67b6f4ac6ad7cc8702486957ab0c7dda658d071e603338c324b" score = 75 
@@ -278614,8 +279062,8 @@ rule SIGNATURE_BASE_Pws_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4539-L4551" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4539-L4551" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ecdc6c20f62f99fa265ec9257b7bf2ce" logic_hash = "98dae8aab5bfd58f4264e318f5a5b5900b38687386f9d7f09c31da0f51d57bc0" score = 75 @@ -278639,8 +279087,8 @@ rule SIGNATURE_BASE_PHP_Shell_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4552-L4563" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4552-L4563" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a2f8fa4cce578fc9c06f8e674b9e63fd" logic_hash = "2d5b6e08bfe9e1551dab12b01189dadc924c097427c996684bab96c48d528395" score = 75 
@@ -278663,8 +279111,8 @@ rule SIGNATURE_BASE_Ayyildiz_Tim___AYT__Shell_V_2_1_Biz_Html date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4564-L4577" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4564-L4577" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8a8c8bb153bd1ee097559041f2e5cf0a" logic_hash = "9e2d56b49df65a2c13e15f97ec91cdbb6852d86e86f921d7c8a4db82cbea12f5" score = 75 @@ -278689,8 +279137,8 @@ rule SIGNATURE_BASE_EFSO_2_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4578-L4589" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4578-L4589" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b5fde9682fd63415ae211d53c6bfaa4d" logic_hash = "15e5419854bcbb08f28fff1e266cca7a004f01ec0a5c313c107ec17c3aa7ffee" score = 75 
@@ -278713,8 +279161,8 @@ rule SIGNATURE_BASE_Lamashell_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4590-L4602" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4590-L4602" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "de9abc2e38420cad729648e93dfc6687" logic_hash = "5e156c3057338fa7b306b91dd979851dd56b8b698cfe99e1d7b6d096a4c580e7" score = 75 @@ -278738,8 +279186,8 @@ rule SIGNATURE_BASE_Ajax_PHP_Command_Shell_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4603-L4615" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4603-L4615" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "93d1a2e13a3368a2472043bd6331afe9" logic_hash = "37cba26018f3d37194a143871012a61a7bcee6775d2cf5f93a52b779010d3260" score = 75 
@@ -278763,8 +279211,8 @@ rule SIGNATURE_BASE_Jspwebshell_1_2_Jsp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4616-L4629" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4616-L4629" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "70a0ee2624e5bbe5525ccadc467519f6" logic_hash = "32b3ddb00f89a3540118fe8ce5fc070556b00030dcf2b21245d38ae66e6cbc14" score = 75 @@ -278789,8 +279237,8 @@ rule SIGNATURE_BASE_Sincap_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4630-L4642" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4630-L4642" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b68b90ff6012a103e57d141ed38a7ee9" logic_hash = "e708a7dcb26ff7d0208c1f092e14e701f2ae94c4ffca019f13064bbe04ef74d7" score = 75 
@@ -278814,8 +279262,8 @@ rule SIGNATURE_BASE_Test_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4643-L4655" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4643-L4655" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "77e331abd03b6915c6c6c7fe999fcb50" logic_hash = "575a2eeadc8113d779057f98e978ed4f8914546117b57944bf65f1d6d84c9521" score = 50 @@ -278839,8 +279287,8 @@ rule SIGNATURE_BASE_Phyton_Shell_Py date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4656-L4669" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4656-L4669" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "92b3c897090867c65cc169ab037a0f55" logic_hash = "ac16a95cd1fb09c93b315e3cd7d57c1ebec322b641f515854fb73a61393dd365" score = 75 
@@ -278865,8 +279313,8 @@ rule SIGNATURE_BASE_Mysql_Tool_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4670-L4682" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4670-L4682" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5fbe4d8edeb2769eda5f4add9bab901e" logic_hash = "9f49bd6c56c919f678ecada82ff3d801c82c98a8abdee85cda1ec7e5b6756012" score = 75 @@ -278890,8 +279338,8 @@ rule SIGNATURE_BASE_Zehir_4_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4683-L4694" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4683-L4694" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7f4e12e159360743ec016273c3b9108c" logic_hash = "69063d866daf1709df81fa22d76177bf8d552e19725a94db4a1b2fca79387faf" score = 75 
@@ -278914,8 +279362,8 @@ rule SIGNATURE_BASE_Sh_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4695-L4706" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4695-L4706" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "330af9337ae51d0bac175ba7076d6299" logic_hash = "b0c3307d451e5d7dadece114e2888503a46038e2edb2ff32bf566ce47b300e76" score = 75 @@ -278938,8 +279386,8 @@ rule SIGNATURE_BASE_Phpbackdoor15_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4707-L4719" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4707-L4719" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0fdb401a49fc2e481e3dfd697078334b" logic_hash = "cdd105f36593e8326ca32bf7cf1fba6fb754e7305c91fe6c078323db8f59b23c" score = 75 
@@ -278963,8 +279411,8 @@ rule SIGNATURE_BASE_Phpjackal_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4720-L4731" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4720-L4731" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ab230817bcc99acb9bdc0ec6d264d76f" logic_hash = "6e2ff262aecd08e5feaa274a7fd128d75565d6cc03341da7cbeb2949070705e5" score = 75 @@ -278987,8 +279435,8 @@ rule SIGNATURE_BASE_Sql_Php_Php : FILE date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4732-L4745" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4732-L4745" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8334249cbb969f2d33d678fec2b680c5" logic_hash = "016ea01e9b53add0799f5c105fb3d54e6ee07d01c950772a618b2a780f14254f" score = 75 
@@ -279012,8 +279460,8 @@ rule SIGNATURE_BASE_Cgi_Python_Py date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4746-L4758" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4746-L4758" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0a15f473e2232b89dae1075e1afdac97" logic_hash = "37c6c7db32a52c8a83ff85f0a50c6fa71e833b9e6d20b1f95e9512fe8bbd0aee" score = 75 @@ -279037,8 +279485,8 @@ rule SIGNATURE_BASE_Ru24_Post_Sh_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4759-L4771" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4759-L4771" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5b334d494564393f419af745dc1eeec7" logic_hash = "e81e5345bbe07ca85c94a3d8411f0dd3c418689ccae7115c098f718f9093b3bf" score = 75 
@@ -279062,8 +279510,8 @@ rule SIGNATURE_BASE_Dtool_Pro_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4772-L4784" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4772-L4784" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "366ad973a3f327dfbfb915b0faaea5a6" logic_hash = "e8f8b4ca2ab4607e700e897671fd230280763a70897b8ccfc31b3bcb7f2a1f4a" score = 75 @@ -279087,8 +279535,8 @@ rule SIGNATURE_BASE_Telnetd_Pl date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4785-L4799" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4785-L4799" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5f61136afd17eb025109304bd8d6d414" logic_hash = "faf21758b311fa4c2d11cd60169e6c9a67282cf739b73664456691361a480419" score = 75 
@@ -279114,8 +279562,8 @@ rule SIGNATURE_BASE_Php_Include_W_Shell_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4800-L4811" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4800-L4811" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4e913f159e33867be729631a7ca46850" logic_hash = "a63910d97b7ef447b2cadb7de12943d3dbb6eada27d3097b8acf58d9b65b6f60" score = 75 @@ -279138,8 +279586,8 @@ rule SIGNATURE_BASE_Safe0Ver_Shell__Safe_Mod_Bypass_By_Evilc0Der_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4812-L4824" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4812-L4824" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6163b30600f1e80d2bb5afaa753490b6" logic_hash = "46f6bb38f1175e02b03047c06a7aed968b1c1ce2e28cc4b88e15703040e91592" score = 75 
@@ -279163,8 +279611,8 @@ rule SIGNATURE_BASE_Shell_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4825-L4837" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4825-L4837" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1a95f0163b6dea771da1694de13a3d8d" logic_hash = "dbd08e71dc512f8dcf009150fb4448cd3608291ef9078c7e6b86e6f8d820bd94" score = 75 @@ -279188,8 +279636,8 @@ rule SIGNATURE_BASE_Telnet_Cgi date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4838-L4850" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4838-L4850" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dee697481383052980c20c48de1598d1" logic_hash = "689c1d43c64aa7469989686c60fc9ab46acde42fdf3c1157bae1e2b8373c845f" score = 75 
@@ -279213,8 +279661,8 @@ rule SIGNATURE_BASE_Ironshell_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4851-L4865" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4851-L4865" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8bfa2eeb8a3ff6afc619258e39fded56" logic_hash = "23574299ee2bb33c3f71102adf71ac8f09b6f8ece5f798beacb9b2432d297ee7" score = 75 @@ -279240,8 +279688,8 @@ rule SIGNATURE_BASE_Backdoorfr_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4866-L4877" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4866-L4877" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "91e4afc7444ed258640e85bcaf0fecfc" logic_hash = "40a6fb41a65fd35acb7cdc36fdda90f5dc54b641adc3ba9eaae29c5e46622206" score = 75 
@@ -279264,8 +279712,8 @@ rule SIGNATURE_BASE_Aspydrv_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4878-L4891" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4878-L4891" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1c01f8a88baee39aa1cebec644bbcb99" logic_hash = "64912d7521d4bff33b5f3a78525bf4ed94246f5933753bed7ca02bedffc85f0f" score = 60 @@ -279289,8 +279737,8 @@ rule SIGNATURE_BASE_Cmdjsp_Jsp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4892-L4905" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4892-L4905" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b815611cc39f17f05a73444d699341d4" logic_hash = "8b0e425c7d71ea2c536192ff186665e7f0fbdbc0e0d195d7107ac57cf9bd1773" score = 75 
@@ -279315,8 +279763,8 @@ rule SIGNATURE_BASE_H4Ntu_Shell__Powered_By_Tsoi_ date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4906-L4917" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4906-L4917" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "06ed0b2398f8096f1bebf092d0526137" logic_hash = "32c620a4ed3f7a8640928e2211516978c12cfbdedb7d96e923303740407b5a1c" score = 75 @@ -279339,8 +279787,8 @@ rule SIGNATURE_BASE_Ajan_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4918-L4930" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4918-L4930" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b6f468252407efc2318639da22b08af0" logic_hash = "13988af864a62ca04501288d4f2d830815ab453b14cef6795fe993db1dd1a9ef" score = 75 
@@ -279364,8 +279812,8 @@ rule SIGNATURE_BASE_PHANTASMA_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4931-L4944" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4931-L4944" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "52779a27fa377ae404761a7ce76a5da7" logic_hash = "d4a2a1bcc1ff3264b35f2b05d7de664b56807977f2a793fd87206f046a185d3b" score = 75 @@ -279390,8 +279838,8 @@ rule SIGNATURE_BASE_Mysql_Web_Interface_Version_0_8_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4945-L4958" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4945-L4958" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "36d4f34d0a22080f47bb1cb94107c60f" logic_hash = "f0a20870a3240948e3ef1ad61685b00c5fc90d6098b87af9ac43ab44ccd13c9e" score = 75 
@@ -279416,8 +279864,8 @@ rule SIGNATURE_BASE_Simple_Cmd_Html date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4959-L4972" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4959-L4972" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c6381412df74dbf3bcd5a2b31522b544" logic_hash = "56b5b9e5518fa8a4be8c48735e997a538b0e534ad8fd72c1419dc0e8353bbc00" score = 75 @@ -279442,8 +279890,8 @@ rule SIGNATURE_BASE__1_C2007_Php_Php_C100_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4973-L4987" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4973-L4987" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6f6cb7c210bcd0f84c2ccff52850b1d673622ae49b83d614d63b5bbba7392327" score = 75 quality = 85 
@@ -279469,8 +279917,8 @@ rule SIGNATURE_BASE__Nst_Php_Php_Img_Php_Php_Nstview_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L4988-L5003" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L4988-L5003" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b1e13f75edbbc8f9263e0e516a54330ce57190ba0b45813dad4bafeaeefa389b" score = 75 quality = 85 @@ -279497,8 +279945,8 @@ rule SIGNATURE_BASE__Network_Php_Php_Xinfo_Php_Php_Nfm_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5004-L5018" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5004-L5018" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "913ff19b6448d3b074440c2a5f85d85813fdf010d33dc57c89ba1e5db6455e11" score = 75 quality = 85 
@@ -279524,8 +279972,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_Specials date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5019-L5034" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5019-L5034" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a4bae5456baf0d8d894165c84d66118f2b16cfc040e299c2032eccb6a9eb4822" score = 75 quality = 85 @@ -279552,8 +280000,8 @@ rule SIGNATURE_BASE__R577_Php_Php_Sniper_SA_Shell_Php_R57_Php_Php_R57_Shell_Php_ date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5035-L5052" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5035-L5052" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0df3e00f752f85aa1f150c01e3ef41b9a5cd3d3ce2060965992320cb3c4d87ae" score = 75 quality = 85 
@@ -279582,8 +280030,8 @@ rule SIGNATURE_BASE__C99Shell_V1_0_Php_Php_C99Php_Sses_Php_Php_Ctt_Sh_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5053-L5069" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5053-L5069" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "137f98b636ec012d7d5e687f7d24ae88e8d3261360e60a4bbc03da248cce381e" score = 75 quality = 85 @@ -279611,8 +280059,8 @@ rule SIGNATURE_BASE__R577_Php_Php_Spy_Php_Php_S_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5070-L5084" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5070-L5084" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "09892789e8dad16f9fc7c4e22525e5d0af3af401a4b2655b70f7a6856888875c" score = 75 quality = 85 
@@ -279638,8 +280086,8 @@ rule SIGNATURE_BASE_Webshell_C99_Generic date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5085-L5105" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5085-L5105" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "422bc3a0d9b04b1e37ad954faacb1ec7841fe529c1eb19634bdbfe83da374c73" score = 75 quality = 85 @@ -279671,8 +280119,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_C99Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5106-L5123" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5106-L5123" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b133cf947476a1c94ed90b5cd3757ca8aa429be4284d75664625896d9cfa687f" score = 75 quality = 85 
@@ -279701,8 +280149,8 @@ rule SIGNATURE_BASE__W_Php_Php_Wacking_Php_Php_Specialshell_99_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5124-L5138" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5124-L5138" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7bdaebfb093b58a2fd33b4bbeea8465d0f724383b4855eb521a3e339ee153781" score = 75 quality = 85 @@ -279728,8 +280176,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_Sses_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5139-L5155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5139-L5155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6dbd40e19d4d5753dbd1f7e627bccc08a60430de8138a923f13e836d19dde65c" score = 75 quality = 85 
@@ -279757,8 +280205,8 @@ rule SIGNATURE_BASE__R577_Php_Php_Sniper_SA_Shell_Php_R57_Php_Php_Spy_Php_Php_S_ date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5156-L5172" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5156-L5172" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "834c33059e08e8075a8d3f69187b74f3b53afabfc37ae1f13a2f579f0948a363" score = 75 quality = 85 @@ -279786,8 +280234,8 @@ rule SIGNATURE_BASE__R577_Php_Php_Sniper_SA_Shell_Php_R57_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5173-L5188" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5173-L5188" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f97846fdaac949185b4ce6a25cc276f4ae4243d891acb18c3a3ce0c18b540976" score = 75 quality = 85 
@@ -279814,8 +280262,8 @@ rule SIGNATURE_BASE__R577_Php_Php_R57_Shell_Php_Php_Spy_Php_Php_S_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5189-L5205" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5189-L5205" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "764a374c1e4acec8978db1e7e7e326c4fa95c6f92e1ca5a6d7f892bb05ecd289" score = 75 quality = 85 @@ -279843,8 +280291,8 @@ rule SIGNATURE_BASE__Wacking_Php_Php_1_Specialshell_99_Php_Php_C100_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5206-L5222" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5206-L5222" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0d32fc00ba2602a1140dc9030894bb9524c55b95c445a08f2bf6f8fc60108e64" score = 75 quality = 85 
@@ -279872,8 +280320,8 @@ rule SIGNATURE_BASE__R577_Php_Php_R57_Php_Php_R57_Shell_Php_Php_Spy_Php_Php_S_Ph date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5223-L5240" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5223-L5240" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "afbd2103b0c953d6aec070ba450f43e567560bc9743423a5731cd4d6e5e36bb6" score = 75 quality = 85 @@ -279902,8 +280350,8 @@ rule SIGNATURE_BASE__W_Php_Php_Wacking_Php_Php_Sses_Php_Php_Specialshell_99_Php_ date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5241-L5257" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5241-L5257" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9bbcb687c83c01ad52e8978a60e604a74f10c33a63af3b91d0286b30dea42890" score = 75 quality = 85 
@@ -279931,8 +280379,8 @@ rule SIGNATURE_BASE_Multiple_Php_Webshells date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5259-L5280" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5259-L5280" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d55c96febd64107273001edadbda6d0a1b4b00e35fb41b46561b49fca6a9bd1b" score = 75 quality = 85 @@ -279965,8 +280413,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5281-L5296" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5281-L5296" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c089f8175532ddc0e2d256b4972f7db32683bd213a456622ed27ab4844d1e435" score = 75 quality = 85 
@@ -279993,8 +280441,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_C99Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5297-L5314" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5297-L5314" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e82882e89a1aeb256768f2af7a6d3674c89f9abc358710b33b8d3d425defcef1" score = 75 quality = 85 @@ -280023,8 +280471,8 @@ rule SIGNATURE_BASE__GFS_Web_Shell_Ver_3_1_7___Priv8_Php_Nshell_Php_Php_Gfs_Sh_P date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5315-L5330" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5315-L5330" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9df5b6df25574b303044a0799c5eb5f38f9ebfbc6f6114275fe1e34adbde1f7c" score = 75 quality = 85 
@@ -280051,8 +280499,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_C99Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5331-L5349" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5331-L5349" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0f44dc1ff243b234a718e8dbd5cc8c4dc8eb9d3b63300a5c6ff72b86280607bf" score = 75 quality = 85 @@ -280082,8 +280530,8 @@ rule SIGNATURE_BASE__W_Php_Php_Wacking_Php_Php_C99Shell_V1_0_Php_Php_C99Php_Spec date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5350-L5366" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5350-L5366" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e9cd7425b806f71d8889f5df7f3fc2f4a692279fc4e495104646cfe28c5b5fe5" score = 75 quality = 85 
@@ -280111,8 +280559,8 @@ rule SIGNATURE_BASE__Antichat_Php_Php_Fatalshell_Php_Php_A_Gedit_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5367-L5383" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5367-L5383" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "789340845aeed4accaef02afa1a1fe420e73b6f5af1b621f4ec2342994045278" score = 75 quality = 85 @@ -280140,8 +280588,8 @@ rule SIGNATURE_BASE__C99Shell_V1_0_Php_Php_C99Php_Sses_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5384-L5397" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5384-L5397" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b2bdf4187ff3d63e4af5c70e8cc93cd8fac3257b33c38764ad2bb2e206066162" score = 75 quality = 85 
@@ -280166,8 +280614,8 @@ rule SIGNATURE_BASE__Crystal_Php_Nshell_Php_Php_Load_Shell_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5398-L5413" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5398-L5413" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "71a9310b19b66e3699f75f551cc604f535ea843eb9c50f4a009edcd9c11e01b9" score = 75 quality = 85 @@ -280194,8 +280642,8 @@ rule SIGNATURE_BASE__Nst_Php_Php_Cybershell_Php_Php_Img_Php_Php_Nstview_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5414-L5430" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5414-L5430" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "afc0b1c83644aa323d308471e5978b6b03f444f5f46fbaddac28ff42d524df1e" score = 75 quality = 85 
@@ -280223,8 +280671,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_Dc3_Secu date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5431-L5447" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5431-L5447" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7a4c74912caa1855efc3a2ea7fa6d0082f62776d77a211e59f12892d4883f240" score = 75 quality = 85 @@ -280252,8 +280700,8 @@ rule SIGNATURE_BASE__C99Shell_V1_0_Php_Php_C99Php_1_C2007_Php_Php_C100_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5448-L5463" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5448-L5463" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a5dc73a12d8c8b89bab77b90cb3b561e9daf9db5f5ad550326a2fbce52c1c8da" score = 75 quality = 85 
@@ -280280,8 +280728,8 @@ rule SIGNATURE_BASE_Multiple_Php_Webshells_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5464-L5484" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5464-L5484" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "26fe586ba7f4d1931b2df81aa27543ff422e699fd56b6b1be289a0f8d6954691" score = 75 quality = 85 @@ -280313,8 +280761,8 @@ rule SIGNATURE_BASE__W_Php_Php_C99Madshell_V2_1_Php_Php_Wacking_Php_Php_1_Specia date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5485-L5503" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5485-L5503" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "160adf93d4f9e51022c427b2b0601207dd9ca917e98d99e2013fe83e09a85d21" score = 75 quality = 85 
@@ -280344,8 +280792,8 @@ rule SIGNATURE_BASE__R577_Php_Php_R57_Php_Php_Spy_Php_Php_S_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5504-L5520" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5504-L5520" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7ba3d6927dc06bfcd98ee9d7146164ca9a9024ef26eac60fabc8ed1375db618d" score = 75 quality = 85 @@ -280373,8 +280821,8 @@ rule SIGNATURE_BASE__Nixrem_Php_Php_C99Shell_V1_0_Php_Php_C99Php_NIX_REMOTE_WEB_ date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5521-L5538" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5521-L5538" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f7575db2c8f147d03d5b93b431d1a73c4182b5db6e801e672914778b2042a712" score = 75 quality = 85 
@@ -280403,8 +280851,8 @@ rule SIGNATURE_BASE_Darksecurityteam_Webshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5542-L5554" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5542-L5554" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f1c95b13a71ca3629a0bb79601fcacf57cdfcf768806a71b26f2448f8c1d5d24" logic_hash = "0c58ed8845cb04d785322b280647d424e1028a3be7e92b2493fd907fae36b16d" score = 50 @@ -280427,8 +280875,8 @@ rule SIGNATURE_BASE_PHP_Cloaked_Webshell_Superfetchexec date = "2025-07-07" modified = "2025-07-07" reference = "http://goo.gl/xFvioC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5556-L5568" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5556-L5568" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "320b85b1ad39a90578f53c69838b6264af1e6a71c509aefc0986c7f0c77fdae9" score = 50 quality = 85 
@@ -280450,8 +280898,8 @@ rule SIGNATURE_BASE_Webshell_Remexp_Asp_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5572-L5587" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5572-L5587" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d9919dcf94a70d5180650de8b81669fa1c10c5a2" logic_hash = "b3cfa44898629ffa20630436ae10a94ad72f0e793d61e1157a4de649aa048fe2" score = 75 @@ -280478,8 +280926,8 @@ rule SIGNATURE_BASE_Webshell_Dc3_Security_Crew_Shell_Priv date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5588-L5604" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5588-L5604" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1b2a4a7174ca170b4e3a8cdf4814c92695134c8a" logic_hash = "f93a5d87d4a490844de578067dc0b7bac6b01ceb9130cd7c70a227566e18f16c" score = 75 
@@ -280507,8 +280955,8 @@ rule SIGNATURE_BASE_Webshell_Simattacker date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5605-L5623" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5605-L5623" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "258297b62aeaf4650ce04642ad5f19be25ec29c9" logic_hash = "323b68f1d31df647775ad16a85b9f90bce4eac89188160a1e4853f8fec680160" score = 75 @@ -280538,8 +280986,8 @@ rule SIGNATURE_BASE_Webshell_Dtool_Pro date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5624-L5642" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5624-L5642" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e2ee1c7ba7b05994f65710b7bbf935954f2c3353" logic_hash = "da744efb521415fb8817c0982d8d538e1e38b1c0995f43716611df37bf371c38" score = 75 
@@ -280570,8 +281018,8 @@ rule SIGNATURE_BASE_Webshell_Ironshell_4 modified = "2025-07-07" old_rule_name = "WebShell_ironshell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5643-L5662" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5643-L5662" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d47b8ba98ea8061404defc6b3a30839c4444a262" logic_hash = "1810071f261ad7390532b07ef24115726f236131aa8ffd29adbde9ebe5085e9d" score = 75 @@ -280601,8 +281049,8 @@ rule SIGNATURE_BASE_Webshell_Indexer_Asp_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5663-L5679" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5663-L5679" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e9a7aa5eb1fb228117dc85298c7d3ecd8e288a2d" logic_hash = "c576925c95b5bd2549e8039a1fc6ac228bfab5ddee8c4e12264ea78e9828ba5c" score = 75 
@@ -280630,8 +281078,8 @@ rule SIGNATURE_BASE_Webshell_Toolaspshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5680-L5693" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5680-L5693" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "11d236b0d1c2da30828ffd2f393dd4c6a1022e3f" logic_hash = "cb46d3170a9c144a22ef8c91b381495a471d2aa178a4a123eb9a1e32e1db7683" score = 75 @@ -280656,8 +281104,8 @@ rule SIGNATURE_BASE_Webshell_B374K_Mini_Shell_Php_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5694-L5707" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5694-L5707" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "afb88635fbdd9ebe86b650cc220d3012a8c35143" logic_hash = "553bd775d9662f9410d9ab946ccffe4b2ee92e367bcc6345fa595527653280cf" score = 75 
@@ -280682,8 +281130,8 @@ rule SIGNATURE_BASE_Webshell_Sincap_1_0 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5708-L5723" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5708-L5723" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9b72635ff1410fa40c4e15513ae3a496d54f971c" logic_hash = "0cb8851285bd55b0b613ec4c46ab88142e2cbba7e527ad510b008cfb342af221" score = 75 @@ -280710,8 +281158,8 @@ rule SIGNATURE_BASE_Webshell_B374K_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5724-L5739" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5724-L5739" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "04c99efd187cf29dc4e5603c51be44170987bce2" logic_hash = "f44ecdcf327cf417a90a91c8d23f6137b80c2006bea2ca2e214f2bfdf5793771" score = 75 
@@ -280738,8 +281186,8 @@ rule SIGNATURE_BASE_Webshell_Simattacker___Vrsion_1_0_0___Priv8_4_My_Friend date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5740-L5757" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5740-L5757" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6454cc5ab73143d72cf0025a81bd1fe710351b44" logic_hash = "63ebb0c673a5aee05d2d9d571ebf63942d826b5148a5f7ed587ba1efbb0dc923" score = 75 @@ -280769,8 +281217,8 @@ rule SIGNATURE_BASE_WEBSHELL_H4Ntu_Shell_Powered_Tsoi_2 : FILE modified = "2025-03-21" old_rule_name = "WebShell_h4ntu_shell__powered_by_tsoi_" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5759-L5774" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5759-L5774" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cbca8cd000e705357e2a7e0cf8262678706f18f9" logic_hash = "c731f2f430e61277ec6c8e292aa50a31eea46fe67eb455811b3fbe9e8967a8c1" score = 75 
@@ -280795,8 +281243,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Myshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5776-L5794" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5776-L5794" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "42e283c594c4d061f80a18f5ade0717d3fb2f76d" logic_hash = "2c39ffecb44ce2f936ba3563c6086d8b2ed75aec3b57b45e2a1f5e7321ac9a3f" score = 75 @@ -280826,8 +281274,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Pws date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5795-L5811" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5795-L5811" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7a405f1c179a84ff8ac09a42177a2bcd8a1a481b" logic_hash = "4b2eeb80200cc5dffa80cddc74f1902c0e8a5d2313d9a20d02eeb99ccb668ec0" score = 75 
@@ -280855,8 +281303,8 @@ rule SIGNATURE_BASE_Webshell_Reader_Asp_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5812-L5826" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5812-L5826" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "70656f3495e2b3ad391a77d5208eec0fb9e2d931" logic_hash = "6ffda38584b6cdec818af8e09c62bb4a46f40230ffd5c1a68993a91c37f67680" score = 75 @@ -280883,8 +281331,8 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2_3 modified = "2025-07-07" old_rule_name = "WebShell_Safe_Mode_Bypass_PHP_4_4_2_and_PHP_5_1_2" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5827-L5844" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5827-L5844" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "db076b7c80d2a5279cab2578aa19cb18aea92832" logic_hash = "6840af0d9f99277277edce93deb54e9a319c8938169701c89fdeb65207590951" score = 75 
@@ -280913,8 +281361,8 @@ rule SIGNATURE_BASE_Webshell_Liz0Zim_Private_Safe_Mode_Command_Execuriton_Bypass modified = "2025-07-07" old_rule_name = "WebShell_Liz0ziM_Private_Safe_Mode_Command_Execuriton_Bypass_Exploit" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5845-L5861" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5845-L5861" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b2b797707e09c12ff5e632af84b394ad41a46fa4" logic_hash = "92bfac3516a448bbb3e78cf8950c6e816bf35d0ae2f3d32bc9b9b2836309999b" score = 75 @@ -280942,8 +281390,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Backdoor_2 modified = "2025-07-07" old_rule_name = "WebShell_php_backdoor" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5862-L5878" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5862-L5878" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b190c03af4f3fb52adc20eb0f5d4d151020c74fe" logic_hash = "4228bcbfff5d7756615347196270f7916843e2aceacc7298610070b8b923381b" score = 75 
@@ -280971,8 +281419,8 @@ rule SIGNATURE_BASE_Webshell_Worse_Linux_Shell_2 modified = "2025-07-07" old_rule_name = "WebShell_Worse_Linux_Shell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5879-L5896" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5879-L5896" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "64623ab1246bc8f7d256b25f244eb2b41f543e96" logic_hash = "6480c524213583511253ea1d37820994bba8a86f58a3775d4a9e4325725289d8" score = 75 @@ -281000,8 +281448,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Phpinj date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5897-L5914" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5897-L5914" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "75116bee1ab122861b155cc1ce45a112c28b9596" logic_hash = "271efaa8f370376f971d3d59256658b341599ac554cc216e09401e44b16bdede" score = 75 
@@ -281030,8 +281478,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_NGH date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5915-L5932" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5915-L5932" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c05b5deecfc6de972aa4652cb66da89cfb3e1645" logic_hash = "572b026545b012951136bdb9b1101e38f27bc3321b895799bc853ea1190877f9" score = 75 @@ -281060,8 +281508,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Matamu date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5933-L5949" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5933-L5949" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d477aae6bd2f288b578dbf05c1c46b3aaa474733" logic_hash = "c0101dab5fe7c3a2652b2e23e1ef0274364137895a402a0367c6b5474c0e8a1f" score = 75 
@@ -281089,8 +281537,8 @@ rule SIGNATURE_BASE_Webshell_Ru24_Post_Sh date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5950-L5965" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5950-L5965" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d2c18766a1cd4dda928c12ff7b519578ccec0769" logic_hash = "6cf15a67c311979d32edfb443701cef34ee32d7a672314fc7b60b262b6b2c402" score = 75 @@ -281117,8 +281565,8 @@ rule SIGNATURE_BASE_Webshell_Hiddens_Shell_V1 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5966-L5977" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5966-L5977" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1674bd40eb98b48427c547bf9143aa7fbe2f4a59" logic_hash = "b76400c320e6294b0c831fbbb8e08a9d2097fbb027065f9c4b496d4b005ba016" score = 75 
@@ -281141,8 +281589,8 @@ rule SIGNATURE_BASE_Webshell_C99_Madnet date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5978-L5993" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5978-L5993" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "17613df393d0a99fd5bea18b2d4707f566cff219" logic_hash = "cd4048f28405f106302643656ae5f8a257aaec0184a8057a9dffbda9bb857027" score = 75 @@ -281169,8 +281617,8 @@ rule SIGNATURE_BASE_Webshell_C99_Locus7S date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L5994-L6009" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L5994-L6009" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d413d4700daed07561c9f95e1468fb80238fbf3c" logic_hash = "5ecfc5f6da471bd3037228c0bc762d50762933af3cf6674210c7b2017a45a646" score = 75 
@@ -281197,8 +281645,8 @@ rule SIGNATURE_BASE_Webshell_Jspwebshell_1_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6010-L6026" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6010-L6026" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0bed4a1966117dd872ac9e8dceceb54024a030fa" logic_hash = "13e696c1c671d7fda832c84f150e3f41ed55bf888c4bebfeb06ea68d6be65527" score = 75 @@ -281226,8 +281674,8 @@ rule SIGNATURE_BASE_Webshell_Safe0Ver date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6027-L6044" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6027-L6044" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "366639526d92bd38ff7218b8539ac0f154190eb8" logic_hash = "ae5de63b79804cf8c99bc5ea0c8862cf05e4085451d2b516cf95565bf32f3876" score = 75 
@@ -281256,8 +281704,8 @@ rule SIGNATURE_BASE_Webshell_Uploader date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6045-L6056" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6045-L6056" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e216c5863a23fde8a449c31660fd413d77cce0b7" logic_hash = "c4b915f60a952131caa2c4f5bb2eea85ef25f27cabb8ad36a6bb928433558954" score = 75 @@ -281280,8 +281728,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Kral date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6057-L6073" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6057-L6073" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4cd1d1a2fd448cecc605970e3a89f3c2e5c80dfc" logic_hash = "0aded226f4e54c0169b9fbda91458f581ea47f9f8bda61a350b5e6f8b60931f3" score = 75 
@@ -281309,8 +281757,8 @@ rule SIGNATURE_BASE_Webshell_Cgitelnet date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6074-L6088" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6074-L6088" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "72e5f0e4cd438e47b6454de297267770a36cbeb3" logic_hash = "e9b7096d5a19c9d5423bbfe125ae0347853919ab092efa98f0687a5d0cf68953" score = 75 @@ -281337,8 +281785,8 @@ rule SIGNATURE_BASE_Webshell_Simple_Backdoor_2 modified = "2025-07-07" old_rule_name = "WebShell_simple_backdoor" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6089-L6109" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6089-L6109" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "edcd5157a68fa00723a506ca86d6cbb8884ef512" logic_hash = "655e445e51ec0f1bdce006a72acf3bce95941a349c279c14768760fa9f6f9d76" score = 75 
@@ -281369,8 +281817,8 @@ rule SIGNATURE_BASE_Webshell_Safe_Mode_Bypass_PHP_4_4_2_And_PHP_5_1_2_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6110-L6124" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6110-L6124" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8fdd4e0e87c044177e9e1c97084eb5b18e2f1c25" logic_hash = "fbe1f77e00fbc4e58cbad564e2d96c0381765ac799dfdf6cc2580428c68f97a5" score = 75 @@ -281396,8 +281844,8 @@ rule SIGNATURE_BASE_Webshell_Ntdaddy_V1_9 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6125-L6139" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6125-L6139" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "79519aa407fff72b7510c6a63c877f2e07d7554b" logic_hash = "fdf8b4bb4980e588ad5ccee2d047660980d39f38617f887c5762dcdb0b858267" score = 75 
@@ -281423,8 +281871,8 @@ rule SIGNATURE_BASE_Webshell_Lamashell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6140-L6156" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6140-L6156" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b71181e0d899b2b07bc55aebb27da6706ea1b560" logic_hash = "e58dbd6b9c65a139828890a3fadfad9031580fe189066489d266d37d7078ad98" score = 75 @@ -281452,8 +281900,8 @@ rule SIGNATURE_BASE_Webshell_Simple_PHP_Backdoor_By_DK date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6157-L6172" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6157-L6172" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "03f6215548ed370bec0332199be7c4f68105274e" logic_hash = "1f65f759ec4045c521085aad84d0aea4dcfcf26eac4357751cf1dde6886d1718" score = 75 
@@ -281480,8 +281928,8 @@ rule SIGNATURE_BASE_Webshell_Moroccan_Spamers_Ma_Edition_By_Ghost date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6173-L6186" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6173-L6186" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "31e5473920a2cc445d246bc5820037d8fe383201" logic_hash = "0e3d2d97665b8849d121d63a22baf7393047a814dde3753e395418c1868b59be" score = 75 @@ -281506,8 +281954,8 @@ rule SIGNATURE_BASE_Webshell_C99Madshell_V__2_0_Madnet_Edition date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6187-L6202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6187-L6202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f99f8228eb12746847f54bad45084f19d1a7e111" logic_hash = "7cf825a604783ebc74b1dca53aaff5c886957c562e11276f2acce5ff1f6ab991" score = 75 
@@ -281534,8 +281982,8 @@ rule SIGNATURE_BASE_Webshell_Cmdasp_Asp_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6203-L6222" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6203-L6222" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cb18e1ac11e37e236e244b96c2af2d313feda696" logic_hash = "0fd9c7e83ad9ddf5cf88f1d1573324d9f24ae03a1951446fe11c116fd0cf4932" score = 75 @@ -281566,8 +282014,8 @@ rule SIGNATURE_BASE_Webshell_NCC_Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6223-L6239" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6223-L6239" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "64d4495875a809b2730bd93bec2e33902ea80a53" logic_hash = "c58edc548b7804be25f6956e9407cc9f8c74dfd8651f601a87ba639284e612d9" score = 75 
@@ -281595,8 +282043,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_README date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6240-L6252" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6240-L6252" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ef2c567b4782c994db48de0168deb29c812f7204" logic_hash = "aa8a9be74bbac08518d5ba442aa6fa37d3f1b255df48b49ccb9842f5728a49d5" score = 75 @@ -281620,8 +282068,8 @@ rule SIGNATURE_BASE_Webshell_Backupsql date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6253-L6268" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6253-L6268" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "863e017545ec8e16a0df5f420f2d708631020dd4" logic_hash = "0126bfad6eb3861e8322ac3e11b4fd95bc8b88597d916e66c6646d7d5529c1d5" score = 75 
@@ -281648,8 +282096,8 @@ rule SIGNATURE_BASE_Webshell_AK_74_Security_Team_Web_Shell_Beta_Version date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6269-L6282" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6269-L6282" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c90b0ba575f432ecc08f8f292f3013b5532fe2c4" logic_hash = "4fbf8f5cab8593fd88e5a430b849e61d7d663c13700f459aa516c5b337d5438b" score = 75 @@ -281674,8 +282122,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Cpanel date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6283-L6299" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6283-L6299" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "433dab17106b175c7cf73f4f094e835d453c0874" logic_hash = "e4dc90c52648f1e5b7dc2d77dcb94feb774ec9e3c156c923c54a9e8f537bbf07" score = 75 
@@ -281703,8 +282151,8 @@ rule SIGNATURE_BASE_Webshell_Accept_Language date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6300-L6311" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6300-L6311" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "180b13576f8a5407ab3325671b63750adbcb62c9" logic_hash = "6d45071722268f5b39b1486a7dce883ecefb2b3c9993357b7b58bd603ff1c40d" score = 75 @@ -281727,8 +282175,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_529 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6312-L6329" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6312-L6329" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ba3fb2995528307487dff7d5b624d9f4c94c75d3" logic_hash = "f46b84d51077f157c83cd01534dfe7f9cd0d9ef04ad9935ced22d2abc873c171" score = 75 
@@ -281757,8 +282205,8 @@ rule SIGNATURE_BASE_Webshell_STNC_Webshell_V0_8 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6330-L6343" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6330-L6343" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "52068c9dff65f1caae8f4c60d0225708612bb8bc" logic_hash = "c2067a1b78c441aa05366b612090e0df895c621843038cc9e65beb6719c0cb9a" score = 75 @@ -281783,8 +282231,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Tryag date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6344-L6359" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6344-L6359" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "42d837e9ab764e95ed11b8bd6c29699d13fe4c41" logic_hash = "2af3bbe8d1940e60843f3f5d40c9c6550e76df21568c374f7a871f73aeefae44" score = 75 
@@ -281811,8 +282259,8 @@ rule SIGNATURE_BASE_Webshell_Dc3_Security_Crew_Shell_Priv_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6360-L6375" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6360-L6375" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9077eb05f4ce19c31c93c2421430dd3068a37f17" logic_hash = "52dc0449c205ff9105e2dedc3cb4858f83a2efc7bae579656a26da493dc59500" score = 75 @@ -281839,8 +282287,8 @@ rule SIGNATURE_BASE_Webshell_Qsd_Php_Backdoor date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6376-L6390" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6376-L6390" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4856bce45fc5b3f938d8125f7cdd35a8bbae380f" logic_hash = "3ef7b67cd60370a99fdfa6fd614f71ee314af27c9d983383dde8f03a127a28b3" score = 75 
@@ -281866,8 +282314,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Spygrup date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6391-L6405" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6391-L6405" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "12f9105332f5dc5d6360a26706cd79afa07fe004" logic_hash = "5981f8cc1a98f799b1573cf73297383f995acf1c40f0227ac10302dc4d6fd6cc" score = 75 @@ -281893,8 +282341,8 @@ rule SIGNATURE_BASE_Webshell_Web_Shell__C_Shankar date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6406-L6420" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6406-L6420" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3dd4f25bd132beb59d2ae0c813373c9ea20e1b7a" logic_hash = "9d320eed18a5d76a87cee4ea0fa9caf08f096f7eeaab55420540aa082b596e0f" score = 75 
@@ -281920,8 +282368,8 @@ rule SIGNATURE_BASE_Webshell_Ayyildiz_Tim___AYT__Shell_V_2_1_Biz date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6421-L6435" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6421-L6435" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5fe8c1d01dc5bc70372a8a04410faf8fcde3cb68" logic_hash = "2d096baad162c0e3e01732007a3be2804155e614a8fa4cd2d5dd3a7ac808fb49" score = 75 @@ -281947,8 +282395,8 @@ rule SIGNATURE_BASE_Webshell_Gamma_Web_Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6436-L6450" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6436-L6450" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7ef773df7a2f221468cc8f7683e1ace6b1e8139a" logic_hash = "1de868c4948a95272d288aeba3ac38b84bf6b33ede6b3b600b32530c85586404" score = 75 
@@ -281974,8 +282422,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Aspydrv date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6451-L6466" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6451-L6466" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3d8996b625025dc549d73cdb3e5fa678ab35d32a" logic_hash = "314fd671b163b9904cc78cb3a5858f5b1e3dfae9d520d5ebc545a7abd922e9f7" score = 75 @@ -282002,8 +282450,8 @@ rule SIGNATURE_BASE_Webshell_Jspwebshell_1_2_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6467-L6482" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6467-L6482" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "184fc72b51d1429c44a4c8de43081e00967cf86b" logic_hash = "41d937fce969a850a2e4e07eb168becc96a036317a78d620e812707be9466dfc" score = 75 
@@ -282030,8 +282478,8 @@ rule SIGNATURE_BASE_Webshell_G00Nshell_V1_3 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6483-L6498" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6483-L6498" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "70fe072e120249c9e2f0a8e9019f984aea84a504" logic_hash = "2ecb3ce2aa43a99552fb26e610c35bdb04f4ff0dc75c867e4327d6e27eed0177" score = 75 @@ -282059,8 +282507,8 @@ rule SIGNATURE_BASE_Webshell_Winx_Shell_2 modified = "2025-07-07" old_rule_name = "WebShell_WinX_Shell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6499-L6515" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6499-L6515" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a94d65c168344ad9fa406d219bdf60150c02010e" logic_hash = "f953c297763e41d197ce186dc818b656951dfa8c855c5063fc4abb54eeefc7bb" score = 75 
@@ -282087,8 +282535,8 @@ rule SIGNATURE_BASE_Webshell_PHANTASMA date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6516-L6530" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6516-L6530" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cd12d42abf854cd34ff9e93a80d464620af6d75e" logic_hash = "355be62807182f9a53bac20a6dead8f0a3bee83b6bdc4566502c157f16076b9b" score = 75 @@ -282114,8 +282562,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Cw date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6531-L6547" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6531-L6547" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e65e0670ef6edf0a3581be6fe5ddeeffd22014bf" logic_hash = "52bfb14f4d5d3df787ce7782cbbee25ea1556758eed48e3001c8a3f35a541526" score = 75 
@@ -282143,8 +282591,8 @@ rule SIGNATURE_BASE_Webshell_Php_Include_W_Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6548-L6561" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6548-L6561" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1a7f4868691410830ad954360950e37c582b0292" logic_hash = "2be144060d4fdaee38214dc2eba80c2a6fd3699060d274e66356fd5a08c9be4b" score = 75 @@ -282169,8 +282617,8 @@ rule SIGNATURE_BASE_Webshell_Mysql_Tool date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6562-L6574" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6562-L6574" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c9cf8cafcd4e65d1b57fdee5eef98f0f2de74474" logic_hash = "611636b3fa9a3163574b18cf8eacebea9733a1ad381261387f79a532b003e8fd" score = 75 
@@ -282194,8 +282642,8 @@ rule SIGNATURE_BASE_Webshell_Phpspy_Ver_2006 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6575-L6589" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6575-L6589" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "34a89e0ab896c3518d9a474b71ee636ca595625d" logic_hash = "69bd2c387b0e676168116f3b3c3c081e08fd555cc6bc9a94b9c8ef97f194b09f" score = 75 @@ -282221,8 +282669,8 @@ rule SIGNATURE_BASE_Webshell_Zyklonshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6590-L6604" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6590-L6604" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3fa7e6f3566427196ac47551392e2386a038d61c" logic_hash = "5d49f2599781836156f6bbb0c50cfcffdb2ca51c7cb688abbc6245d7f856ad01" score = 75 
@@ -282249,8 +282697,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Myshell_2 modified = "2025-07-07" old_rule_name = "WebShell_php_webshells_myshell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6605-L6620" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6605-L6620" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5bd52749872d1083e7be076a5e65ffcde210e524" logic_hash = "7765e43189d6ec0cda0b58d00cfd7fc8cec89287dbac7487083b6ce1ce55f306" score = 75 @@ -282276,8 +282724,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Lolipop date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6621-L6634" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6621-L6634" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "86f23baabb90c93465e6851e40104ded5a5164cb" logic_hash = "8b0dcf76a244f80d4bee0c62189df55c1f8d71cf0900cd8ebb5916f5fe972bed" score = 75 
@@ -282302,8 +282750,8 @@ rule SIGNATURE_BASE_Webshell_Simple_Cmd date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6635-L6649" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6635-L6649" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "466a8caf03cdebe07aa16ad490e54744f82e32c2" logic_hash = "82a65f4bbdcd2fc626aa9f36fe530d19aa19a48389e970c26e525597818914ee" score = 75 @@ -282329,8 +282777,8 @@ rule SIGNATURE_BASE_Webshell_Go_Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6650-L6665" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6650-L6665" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3dd85981bec33de42c04c53d081c230b5fc0e94f" logic_hash = "f2fcefb9a0536c80fa74ceb002e113f95de53d1f56e22c81b542c395dd11071d" score = 75 
@@ -282358,8 +282806,8 @@ rule SIGNATURE_BASE_Webshell_Azrailphp_V1_0_2 modified = "2025-07-07" old_rule_name = "WebShell_aZRaiLPhp_v1_0" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6666-L6681" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6666-L6681" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a2c609d1a8c8ba3d706d1d70bef69e63f239782b" logic_hash = "8309338bb327cc14ae5970bd921b3dba68353d55be31b9dbbc5374ded24ed563" score = 75 @@ -282385,8 +282833,8 @@ rule SIGNATURE_BASE_Webshell_Webshells_Zehir4 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6682-L6695" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6682-L6695" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "788928ae87551f286d189e163e55410acbb90a64" logic_hash = "36b6940ffecd9be190cce62252ec7d87f1c0bc0d19b4442df63f4404eb316364" score = 55 
@@ -282410,8 +282858,8 @@ rule SIGNATURE_BASE_Webshell_Zehir4_Asp_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6696-L6709" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6696-L6709" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1d9b78b5b14b821139541cc0deb4cbbd994ce157" logic_hash = "dfaf685ac3b364143bfbe289b05f066b09f01622fec3e9157f4b4791f7567619" score = 75 @@ -282436,8 +282884,8 @@ rule SIGNATURE_BASE_Webshell_Php_Webshells_Lostdc date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6710-L6725" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6710-L6725" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d54fe07ea53a8929620c50e3a3f8fb69fdeb1cde" logic_hash = "e3cd28f4a72f5a8a92c728fe76a7159c28256e87daf4c1dd10190a57263f5b45" score = 75 
@@ -282464,8 +282912,8 @@ rule SIGNATURE_BASE_Webshell_Casus_1_5 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6726-L6739" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6726-L6739" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7eee8882ad9b940407acc0146db018c302696341" logic_hash = "0dbaa39bd33047d24e5bc9716108c5581da3f54e93d90f9c550b3d84de1ebfe2" score = 75 @@ -282490,8 +282938,8 @@ rule SIGNATURE_BASE_Webshell_Ftpsearch date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6740-L6754" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6740-L6754" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c945f597552ccb8c0309ad6d2831c8cabdf4e2d6" logic_hash = "6b32553be4fdf26776e3cbb8a5d4d011d88f2bd50949b65934df72b89065aeec" score = 75 
@@ -282517,8 +282965,8 @@ rule SIGNATURE_BASE_Webshell__Cyber_Shell_Cybershell_Cyber_Shell__V_1_0_ date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6755-L6772" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6755-L6772" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fc2cf9a25ccc5aa3d9dc287ef9600b065ba9025cfb0a1ccca1bce9120ea03ff4" score = 75 quality = 85 @@ -282547,8 +282995,8 @@ rule SIGNATURE_BASE_Webshell__Ajax_PHP_Command_Shell_Ajax_PHP_Command_Shell_Sold date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6773-L6793" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6773-L6793" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0b9e0d96c8a618a4883235e8c5c9a03a1e0b586cb4b30e0273e24c35ee5ee502" score = 75 quality = 85 
@@ -282580,8 +283028,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_7 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6794-L6812" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6794-L6812" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9d9b6b1333f2061c357fad110b5cc508288c70aea1212aa2fcbf283a2ce4fb2c" score = 75 quality = 85 @@ -282611,8 +283059,8 @@ rule SIGNATURE_BASE_Webshell__Small_Web_Shell_By_Zaco_Small_Zaco_Zacosmall date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6813-L6831" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6813-L6831" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "840c58043e39014e90e7621c1d2417d5a970c744560738abc4fea3db3cbb8d5a" score = 75 quality = 85 
@@ -282642,8 +283090,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_8 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6832-L6851" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6832-L6851" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "346df2686c4d43b3210b07a30845477e057602500e67baba69b50c41e8d501fa" score = 75 quality = 85 @@ -282674,8 +283122,8 @@ rule SIGNATURE_BASE_Webshell__PH_Vayv_Phvayv_PH_Vayv_Klasvayv_Asp_Php date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6852-L6870" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6852-L6870" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "42959ba1e3c0f7f198f953e98b9df87059999f5526df4338c109828d0a5a518a" score = 75 quality = 85 
@@ -282705,8 +283153,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_9 date = "2014-04-06" modified = "2022-12-06" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6872-L6892" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6872-L6892" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9f8768f609ccd464f7c2b9d10ce8ea423355e11b05b39e629e5e3de0787e212b" score = 70 quality = 77 @@ -282734,8 +283182,8 @@ rule SIGNATURE_BASE_Webshell__PH_Vayv_Phvayv_PH_Vayv date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6894-L6910" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6894-L6910" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b2f2b95415bc990adac38eada20cbc793f286d51f2054bc969e9c667f16717f9" score = 75 quality = 85 
@@ -282763,8 +283211,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_1 date = "2014-04-06" modified = "2022-12-06" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6912-L6931" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6912-L6931" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9e3759d45d13e33481b962c4b59a019647a3e80bdd3885c4404169af74288b89" score = 70 quality = 79 @@ -282792,8 +283240,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6933-L6952" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6933-L6952" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0a63d3b00ad9719140da9bb5dcb49981c4d3758fac13c392d016b47e54f356c8" score = 75 quality = 85 
@@ -282824,8 +283272,8 @@ rule SIGNATURE_BASE_Webshell__Crystalshell_V_1_Erne_Stres date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6953-L6974" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6953-L6974" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a0484a5a71715d6a79c89e20919ab89aaa7e85a18ee502651f1f6b29153847a3" score = 75 quality = 85 @@ -282858,8 +283306,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_3 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6975-L6994" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6975-L6994" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5c264a294fc75cf2cadd3dba61bc64658989ffe5ddecfa18ba18e66492ad3c71" score = 75 quality = 85 
@@ -282890,8 +283338,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_4 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L6995-L7017" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L6995-L7017" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "18db4c6728f0575b4d8388dab9563ee98ca9aa5fdc8534bf76856a87820b4596" score = 75 quality = 85 @@ -282925,8 +283373,8 @@ rule SIGNATURE_BASE_Webshell_GFS date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7019-L7035" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7019-L7035" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "72a3f117cb11e1461b760c47a3de74283640b6e1daa87b24e45210213bb76609" score = 75 quality = 85 
@@ -282954,8 +283402,8 @@ rule SIGNATURE_BASE_Webshell__Crystalshell_V_1_Sosyete_Stres date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7036-L7056" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7036-L7056" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "78aeabe38f7457060d81c3863098b5e424bc38f13e9e86bbb6ea54827f27afcd" score = 75 quality = 85 @@ -282987,8 +283435,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_10 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7057-L7077" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7057-L7077" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0bf731edef55cde5d2ad16510fb9f1a240c1a06b535af7e13300fdbea470df74" score = 75 quality = 85 
@@ -283020,8 +283468,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_11 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7078-L7100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7078-L7100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5a559a26314ce603d6454efb71f1243bf89daed920ca2a495a51b94a4cca0045" score = 75 quality = 85 @@ -283055,8 +283503,8 @@ rule SIGNATURE_BASE_Webshell__Findsock_Php_Findsock_Shell_Php_Reverse_Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7101-L7115" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7101-L7115" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2459f7114482e17f087bda4b638c29e237f2f3cb5a9e41e326ed65fc1834b6be" score = 75 quality = 85 
@@ -283082,8 +283530,8 @@ rule SIGNATURE_BASE_Webshell_Generic_PHP_6 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7116-L7137" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7116-L7137" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7b3f2ca3cb9516ddda1b9cac2ca5eb5d9e62e1839dad041f69a3dc7a2a186897" score = 75 quality = 85 @@ -283116,8 +283564,8 @@ rule SIGNATURE_BASE_Unpack_Injectt date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7139-L7152" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7139-L7152" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8a5d2158a566c87edc999771e12d42c5" logic_hash = "d8e9ed4f2604617bd6410f36ab827affa3cc6729ba996d0d9cd9c8eb0fd96533" score = 75 
@@ -283142,8 +283590,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_Fso date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7153-L7165" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7153-L7165" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b37f3cde1a08890bd822a182c3a881f6" logic_hash = "9d071c1e2e0725091a2abe24759e6e71d78e29caa76b4fff77c44e3bb381b1a2" score = 75 @@ -283167,8 +283615,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Ssh date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7166-L7177" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7166-L7177" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1aa5307790d72941589079989b4f900e" logic_hash = "40c5a5d1d714947454f4aa9f7ed09d777cb60c23933201ac8eaf0d49452af8c6" score = 75 
@@ -283191,8 +283639,8 @@ rule SIGNATURE_BASE_Debug_Bdoor date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7178-L7190" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7178-L7190" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e4e8e31dd44beb9320922c5f49739955" logic_hash = "ed8caeb96a6fc48fe23d5db078bbb8ba5aec3c5d4ee382cbc6bc4e01630f1460" score = 75 @@ -283216,8 +283664,8 @@ rule SIGNATURE_BASE_Bin_Client date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7191-L7205" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7191-L7205" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5f91a5b46d155cacf0cc6673a2a5461b" logic_hash = "28ce9aa136b5d41bb580e6b5b8580d3ccbb7eeec31007e68241d23c5a0f40d40" score = 75 
@@ -283243,8 +283691,8 @@ rule SIGNATURE_BASE_Zxshell2_0_Rar_Folder_Zxshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7206-L7218" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7206-L7218" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "246ce44502d2f6002d720d350e26c288" logic_hash = "72eaf90551144eccb7329e0a0e05bcc955ea2bfdb37aa87e9cae7b5f5a26bea0" score = 75 @@ -283268,8 +283716,8 @@ rule SIGNATURE_BASE_Rkntload date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7219-L7237" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7219-L7237" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "262317c95ced56224f136ba532b8b34f" logic_hash = "ab767a7016318633055a85195ca2bab08a8c68222d46018aaf8772ab27a373c4" score = 75 
@@ -283299,8 +283747,8 @@ rule SIGNATURE_BASE_Binder2_Binder2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7238-L7254" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7238-L7254" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d594e90ad23ae0bc0b65b59189c12f11" logic_hash = "fbe56b7d37fc7863fcf55761c0b5b671d661a713ac95f90d65b79eee9a447a9b" score = 75 @@ -283328,8 +283776,8 @@ rule SIGNATURE_BASE_Thelast_Orice2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7255-L7267" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7255-L7267" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "aa63ffb27bde8d03d00dda04421237ae" logic_hash = "075f3377a9b90c6c1ba74682415b9c0832a839afe647fa6d3c85d4e987618405" score = 75 
@@ -283353,8 +283801,8 @@ rule SIGNATURE_BASE_FSO_S_Sincap date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7268-L7280" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7268-L7280" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dc5c2c2392b84a1529abd92e98e9aa5b" logic_hash = "705030e93248f5ea6744f78bd7a1816aaa9772880059286b8d686e05b193d4a0" score = 75 @@ -283378,8 +283826,8 @@ rule SIGNATURE_BASE_Phpshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7281-L7292" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7281-L7292" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "539baa0d39a9cf3c64d65ee7a8738620" logic_hash = "95b3cedac370bf9b06092035a738722f3ec97e6cbafe3d4f742429a865576ad8" score = 75 
@@ -283402,8 +283850,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_Config date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7293-L7306" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7293-L7306" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b41d0e64e64a685178a3155195921d61" logic_hash = "b2806c30db413bca518943352f233c9d2915356a41eceed5e352b88ee34fbbd3" score = 75 @@ -283428,8 +283876,8 @@ rule SIGNATURE_BASE_Sendmail date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7307-L7319" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7307-L7319" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "75b86f4a21d8adefaf34b3a94629bd17" logic_hash = "bcca9a9380d2695bc277afc9fa72c24cb26ac44c6fbcc87113b017cfe190bdab" score = 75 
@@ -283453,8 +283901,8 @@ rule SIGNATURE_BASE_FSO_S_Zehir4 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7320-L7331" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7320-L7331" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5b496a61363d304532bcf52ee21f5d55" logic_hash = "6bcfb1ee40403394bf996ecbe1bb17f9afa0c3ba9e1906881b94bbc785b4a510" score = 75 @@ -283477,8 +283925,8 @@ rule SIGNATURE_BASE_Hkshell_Hkshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7332-L7345" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7332-L7345" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "168cab58cee59dc4706b3be988312580" logic_hash = "bee4d4c957ede41c771d690d52ac2fd3655238cc1fc106d30fb2721084b38aa1" score = 75 
@@ -283503,8 +283951,8 @@ rule SIGNATURE_BASE_Imhapftp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7346-L7357" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7346-L7357" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "12911b73bc6a5d313b494102abcf5c57" logic_hash = "c24bb80a0ae4284b4303450e9103c5dda30c41b41f323641ac1175461f741ced" score = 75 @@ -283527,8 +283975,8 @@ rule SIGNATURE_BASE_Unpack_Tback date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7358-L7369" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7358-L7369" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a9d1007823bf96fb163ab38726b48464" logic_hash = "0fb43766c305f4235cc0987f411fdc3b3674723687f0b63d346429f4a7b5b87f" score = 75 
@@ -283551,8 +283999,8 @@ rule SIGNATURE_BASE_Darkspy105 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7370-L7381" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7370-L7381" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f0b85e7bec90dba829a3ede1ab7d8722" logic_hash = "0f1c9dba4525f9c30f309500652ed6af647ddf492f483e101fc23c891e15fc85" score = 75 @@ -283575,8 +284023,8 @@ rule SIGNATURE_BASE_Editserver_EXE date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7382-L7395" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7382-L7395" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f945de25e0eba3bdaf1455b3a62b9832" logic_hash = "d440669b0c0bf575cf9dea946edf55f724300a4c765e90c631fc1eee062bf006" score = 75 
@@ -283601,8 +284049,8 @@ rule SIGNATURE_BASE_FSO_S_Reader date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7396-L7407" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7396-L7407" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b598c8b662f2a1f6cc61f291fb0a6fa2" logic_hash = "89a948f8da66173965884cd525615c8eeb91cf98a4984c05be7472034bb72f76" score = 75 @@ -283625,8 +284073,8 @@ rule SIGNATURE_BASE_ASP_Cmdasp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7408-L7421" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7408-L7421" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "79d4f3425f7a89befb0ef3bafe5e332f" logic_hash = "84c3148fe74b1afaa6e3bbff0aca8df1f1775759a36a673cc13d35ef7658929c" score = 75 
@@ -283651,8 +284099,8 @@ rule SIGNATURE_BASE_KA_Ushell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7422-L7434" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7422-L7434" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "685f5d4f7f6751eaefc2695071569aab" logic_hash = "58d25e19e2e14a909b4b623a85dfd8c62974121d3b23574d1e94b62385e42b45" score = 75 @@ -283676,8 +284124,8 @@ rule SIGNATURE_BASE_PHP_Backdoor_V1 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7435-L7448" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7435-L7448" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0506ba90759d11d78befd21cabf41f3d" logic_hash = "396ae1ee34a06ab4863f4f54257a9020b8747fb99dff15372f0aa54fa4598e43" score = 75 
@@ -283701,8 +284149,8 @@ rule SIGNATURE_BASE_Svchostdll date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7449-L7468" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7449-L7468" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0f6756c8cb0b454c452055f189e4c3f4" logic_hash = "4a7a7bb7d827c2e7801f8c33b292bb3d312428fc4ae79f07e103f456984c3b83" score = 75 @@ -283733,8 +284181,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_Server date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7469-L7480" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7469-L7480" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1d38526a215df13c7373da4635541b43" logic_hash = "66b8513a532f64af535c948da28674795ae6495b9844165c3b039bf61c25eb46" score = 75 
@@ -283757,8 +284205,8 @@ rule SIGNATURE_BASE_Vanquish date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7481-L7494" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7481-L7494" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "684450adde37a93e8bb362994efc898c" logic_hash = "223c59d06a9389f380fa29959c54e53a17b53080f704189ae519b9527b2c6384" score = 75 @@ -283783,8 +284231,8 @@ rule SIGNATURE_BASE_Winshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7495-L7514" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7495-L7514" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3144410a37dd4c29d004a814a294ea26" logic_hash = "addbfa598039af09c0e4c50138fcfabd16c35c5516259cf9595cf49855da518d" score = 75 
@@ -283815,8 +284263,8 @@ rule SIGNATURE_BASE_FSO_S_Remview date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7515-L7528" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7515-L7528" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b4a09911a5b23e00b55abe546ded691c" logic_hash = "19719e8c9215ec9ba9fab55b604907e0a6d0a0507a5662926acff1e9dc03440e" score = 75 @@ -283841,8 +284289,8 @@ rule SIGNATURE_BASE_Saphpshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7529-L7540" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7529-L7540" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d7bba8def713512ddda14baf9cd6889a" logic_hash = "24d558292a709bb29334b1acdc53cdb6c5bc6803caec527edcacd6a19f6dc7c9" score = 75 
@@ -283865,8 +284313,8 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006Z date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7541-L7553" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7541-L7553" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fd1b6129abd4ab177fed135e3b665488" logic_hash = "4b427132541cd26ee47c387a98f6f46f86808f9a775068e1d114c9ef4abca9f6" score = 75 @@ -283890,8 +284338,8 @@ rule SIGNATURE_BASE_Admin_Ad date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7554-L7566" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7554-L7566" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e6819b8f8ff2f1073f7d46a0b192f43b" logic_hash = "0febd10979a959af73332a8e064a510e949109abf863b5fd0fef19b635968d1d" score = 75 
@@ -283915,8 +284363,8 @@ rule SIGNATURE_BASE_FSO_S_Casus15 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7567-L7578" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7567-L7578" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8d155b4239d922367af5d0a1b89533a3" logic_hash = "58921290952f23ff5b828d8c92c818ebd91b726cdbbc9137b0f55a0e5ca90636" score = 75 @@ -283939,8 +284387,8 @@ rule SIGNATURE_BASE_BIN_Client date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7579-L7595" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7579-L7595" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9f0a74ec81bc2f26f16c5c172b80eca7" logic_hash = "e1277f6b7adc2e832a3aad96c7e44796596d2e61eb9247977da3c3569777e0b2" score = 75 
@@ -283968,8 +284416,8 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Uptime date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7596-L7611" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7596-L7611" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d1f56102bc5d3e2e37ab3ffa392073b9" logic_hash = "5d91dda859a63a965250bd4d76565c6adf18e4ee306be3b91965e5d35bc521e8" score = 75 @@ -283996,8 +284444,8 @@ rule SIGNATURE_BASE_Simple_PHP_Backdoor date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7612-L7625" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7612-L7625" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a401132363eecc3a1040774bec9cb24f" logic_hash = "9739217c23f583452fbf1d7a8e20b2f1379ebf430e0a4fd73ad62e88d544670a" score = 75 
@@ -284022,8 +284470,8 @@ rule SIGNATURE_BASE_Sig_2005Gray date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7626-L7640" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7626-L7640" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "75dbe3d3b70a5678225d3e2d78b604cc" logic_hash = "927ed5cdaa14b6cd63a6ca7d7bec6635b69fa19d88808890e7d198fb7a0b57b4" score = 75 @@ -284049,8 +284497,8 @@ rule SIGNATURE_BASE_Dllinjection date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7641-L7652" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7641-L7652" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a7b92283a5102886ab8aee2bc5c8d718" logic_hash = "6e01ae1cc8a91a5e0d22bdf477aa72bf0116dbe31752a069b1e34d8a09ec6213" score = 75 
@@ -284073,8 +284521,8 @@ rule SIGNATURE_BASE_Mithril_V1_45_Mithril date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7653-L7665" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7653-L7665" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f1484f882dc381dde6eaa0b80ef64a07" logic_hash = "a3e74bfb34762553eccaddd745d9e17dc3a5a25201e4bc9e2ea9a49342295c78" score = 75 @@ -284098,8 +284546,8 @@ rule SIGNATURE_BASE_Hkshell_Hkrmv date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7666-L7678" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7666-L7678" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bd3a0b7a6b5536f8d96f50956560e9bf" logic_hash = "f1da0778456272e6d93633a564018bdf0fa74f1db1c9e963a03a59c69c752b6e" score = 75 
@@ -284124,8 +284572,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_1 modified = "2025-07-07" old_rule_name = "phpshell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7679-L7693" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7679-L7693" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1dccb1ea9f24ffbd085571c88585517b" logic_hash = "eed450ae6668bbee01ea2689e9864f10a66714ec4c91afabb12609ad4ebdac8c" score = 75 @@ -284150,8 +284598,8 @@ rule SIGNATURE_BASE_FSO_S_Cmd date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7694-L7706" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7694-L7706" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cbe8e365d41dd3cd8e462ca434cf385f" logic_hash = "43f3379a57210f0e3b70575313115a7ba3d71359de7c5ac9a6a178b93af3545e" score = 75 
@@ -284175,8 +284623,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Phpft date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7707-L7719" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7707-L7719" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "60ef80175fcc6a879ca57c54226646b1" logic_hash = "741536acafdc4da618d69bdae2f0a3e8c004a4027cc76c796158ee111c006414" score = 75 @@ -284200,8 +284648,8 @@ rule SIGNATURE_BASE_FSO_S_Indexer date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7720-L7731" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7720-L7731" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "135fc50f85228691b401848caef3be9e" logic_hash = "a1bfba9c24819f5c1574aa179d853a6cc2fcf58c7b9a14eeab2639248178549c" score = 75 
@@ -284224,8 +284672,8 @@ rule SIGNATURE_BASE_R57Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7732-L7743" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7732-L7743" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8023394542cddf8aee5dec6072ed02b5" logic_hash = "40ff6bceb3f9bd95fbf5e75681fadadaa64243007e10fcc86bb909282b8161c5" score = 75 @@ -284248,8 +284696,8 @@ rule SIGNATURE_BASE_Bdcli100 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7744-L7756" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7744-L7756" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b12163ac53789fb4f62e4f17a8c2e028" logic_hash = "48c70413c71d5a84f8cea48c77935b7cc26d9e1348d7ab257de4540d69f0f817" score = 75 
@@ -284273,8 +284721,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_2005Red date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7757-L7770" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7757-L7770" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d8ccda2214b3f6eabd4502a050eb8fe8" logic_hash = "716b6faa8d1216f592d63b658cdd65d7be0226bf746b5fdf1827bdf881562711" score = 75 @@ -284299,8 +284747,8 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006X2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7771-L7783" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7771-L7783" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cc5bf9fc56d404ebbc492855393d7620" logic_hash = "0df587ccaf41d11c6be90ef631ce8b21f95f08fa8f71e62463c378455b312f4a" score = 75 
@@ -284324,8 +284772,8 @@ rule SIGNATURE_BASE_Rdrbs084 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7784-L7796" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7784-L7796" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ed30327b255816bdd7590bf891aa0020" logic_hash = "8a743d62723c4a5f863f986edd4b149728680b40d6a4b9a99b093d62ccb70cf8" score = 75 @@ -284349,8 +284797,8 @@ rule SIGNATURE_BASE_Hytop_Caseswitch_2005 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7797-L7815" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7797-L7815" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8bf667ee9e21366bc0bd3491cb614f41" logic_hash = "0ecf28b5abb918cd1d8f38b76019dddf19dff5dbb114f16ef6ec9b46cb590a46" score = 75 
@@ -284380,8 +284828,8 @@ rule SIGNATURE_BASE_Ebayid_Index3 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7816-L7827" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7816-L7827" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0412b1e37f41ea0d002e4ed11608905f" logic_hash = "47660cb71d6787683e51aa14fc0f4a9d6f1c59517b77bfe4135098a0020ded11" score = 75 @@ -284404,8 +284852,8 @@ rule SIGNATURE_BASE_FSO_S_Phvayv date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7828-L7839" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7828-L7839" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "205ecda66c443083403efb1e5c7f7878" logic_hash = "d0482607f7d9cf6c89963cb9b1f943fa0b80636e857e0fb044cd9a0b3f974deb" score = 75 
@@ -284428,8 +284876,8 @@ rule SIGNATURE_BASE_Byshell063_Ntboot date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7840-L7854" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7840-L7854" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "99b5f49db6d6d9a9faeffb29fd8e6d8c" logic_hash = "2fdc930eacb87d02ebe69a2b64df4103bd0f3417a76f1b2922b3d4cd4c0dffe9" score = 75 @@ -284455,8 +284903,8 @@ rule SIGNATURE_BASE_FSO_S_Casus15_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7855-L7866" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7855-L7866" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8d155b4239d922367af5d0a1b89533a3" logic_hash = "45820e0398cca8e75fc4acf6863d962a817afd95a4592acd4ac4a50029684220" score = 75 
@@ -284479,8 +284927,8 @@ rule SIGNATURE_BASE_Installer date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7867-L7879" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7867-L7879" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a507919ae701cf7e42fa441d3ad95f8f" logic_hash = "73c1032313155ceb752fe2f94c8d242833127fe0443d7e3044fa1de2b2b7742b" score = 75 @@ -284504,8 +284952,8 @@ rule SIGNATURE_BASE_FSO_S_Remview_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7880-L7892" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7880-L7892" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b4a09911a5b23e00b55abe546ded691c" logic_hash = "0a682431f7044e9a49c8dd4842a22c521e2a07d5df045b0a12449e3b3206716b" score = 75 
@@ -284529,8 +284977,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_R57 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7893-L7904" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7893-L7904" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "903908b77a266b855262cdbce81c3f72" logic_hash = "8d0f3b2009594d4aa413c4794dca12e3c66a19974cc6d0b47cc3f5e2572a4c57" score = 75 @@ -284553,8 +285001,8 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006X date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7905-L7917" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7905-L7917" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cf3ee0d869dd36e775dfcaa788db8e4b" logic_hash = "b71cf90900c7eae4caef57564292ca497a2c6c77e3de2994ba9e4cecae7f2697" score = 75 
@@ -284578,8 +285026,8 @@ rule SIGNATURE_BASE_FSO_S_Phvayv_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7918-L7929" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7918-L7929" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "205ecda66c443083403efb1e5c7f7878" logic_hash = "11418a11692412ccb309983bdadd9bda2b27b692c3282eb0386094e76c7ba1e0" score = 75 @@ -284602,8 +285050,8 @@ rule SIGNATURE_BASE_Elmaliseker date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7930-L7942" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7930-L7942" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ccf48af0c8c09bbd038e610a49c9862e" logic_hash = "54c0b8e74a9b10fe54901c0595600af1dfc54abd3f710fc20ca87ca92236bb49" score = 75 
@@ -284627,8 +285075,8 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Resolve date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7943-L7960" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7943-L7960" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "69bf9aa296238610a0e05f99b5540297" logic_hash = "39d8ac274e94f13b5eb197be5827a95ac09df70793bd584c96b81983a565c1ce" score = 75 @@ -284657,8 +285105,8 @@ rule SIGNATURE_BASE_FSO_S_Remexp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7961-L7974" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7961-L7974" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b69670ecdbb40012c73686cd22696eeb" logic_hash = "b9b966a89ab097494d7af90775bf124f1310c77145be67fa57ebdacd0164e3d0" score = 75 
@@ -284683,8 +285131,8 @@ rule SIGNATURE_BASE_FSO_S_Tool date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7975-L7986" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7975-L7986" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3a1e1e889fdd974a130a6a767b42655b" logic_hash = "a3449aca3124aa4d920d78e5e674ddd9d8a181b0ce0143032352a69dfdbcad2d" score = 75 @@ -284707,8 +285155,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_2005 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L7987-L7999" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L7987-L7999" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "97f2552c2fafc0b2eb467ee29cc803c8" logic_hash = "4d04174b23c9057acf2618c01cd702eaaec2d3508a8c25dd87fdd320c076a3b1" score = 75 
@@ -284732,8 +285180,8 @@ rule SIGNATURE_BASE_Byloader date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8000-L8015" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8000-L8015" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0f0d6dc26055653f5844ded906ce52df" logic_hash = "66c900e4bc771fb23d7623e57ad51edaa95696c2e31554720582f3e33a1b2e25" score = 75 @@ -284760,8 +285208,8 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Fport date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8016-L8028" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8016-L8028" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dbb75488aa2fa22ba6950aead1ef30d5" logic_hash = "b9dc66e249c0577839cc3748f129c343d2ccb7327b92a2a67e4467782d10a25e" score = 75 
@@ -284785,8 +285233,8 @@ rule SIGNATURE_BASE_Backdoor__Fr_ date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8029-L8040" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8029-L8040" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a79cac2cf86e073a832aaf29a664f4be" logic_hash = "6c16c200712015eed71aeb119e46bad5f93445a8f719d98ef31f9012cb3551ae" score = 75 @@ -284809,8 +285257,8 @@ rule SIGNATURE_BASE_FSO_S_Ntdaddy date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8041-L8052" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8041-L8052" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f6262f3ad9f73b8d3e7d9ea5ec07a357" logic_hash = "4df6f53ee9bfc0214e69dd858878026e962b90573ed48a5ffdd5523538e8f3bf" score = 75 
@@ -284833,8 +285281,8 @@ rule SIGNATURE_BASE_Nstview_Nstview date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8053-L8064" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8053-L8064" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3871888a0c1ac4270104918231029a56" logic_hash = "2b25e22d86a672af0b8957f1b0336ed80e09f3389f5045c230af2372db0e3415" score = 75 @@ -284857,8 +285305,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_Upload date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8065-L8076" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8065-L8076" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b09852bda534627949f0259828c967de" logic_hash = "312020a72a37adb0111ac6d61810c8e476be39dc6456e80e83cd6a680e8ea051" score = 75 
@@ -284881,8 +285329,8 @@ rule SIGNATURE_BASE_Passwordreminder date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8077-L8088" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8077-L8088" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ea49d754dc609e8bfa4c0f95d14ef9bf" logic_hash = "f3da5381f5e352c541654d2af918ca8cea8049d137078670dd0538a4d13f676e" score = 75 @@ -284905,8 +285353,8 @@ rule SIGNATURE_BASE_Pack_Injectt date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8089-L8104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8089-L8104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "983b74ccd57f6195a0584cdfb27d55e8" logic_hash = "9f66b7b429ed585888c0fb4943bb12262247b3af8d85bc67309b27752171e66a" score = 75 
@@ -284933,8 +285381,8 @@ rule SIGNATURE_BASE_FSO_S_Remexp_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8105-L8117" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8105-L8117" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b69670ecdbb40012c73686cd22696eeb" logic_hash = "e31e25a7c2b2e970a379a61d2dac335bd37cac48328eee9f3966ff5c77ef6f18" score = 75 @@ -284958,8 +285406,8 @@ rule SIGNATURE_BASE_FSO_S_C99 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8118-L8129" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8118-L8129" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5f9ba02eb081bba2b2434c603af454d0" logic_hash = "de769299bbd8b895b84db757fcc037b807f7caaa624c06e9d330934a968b2381" score = 75 
@@ -284982,8 +285430,8 @@ rule SIGNATURE_BASE_Rknt_Zip_Folder_Rknt date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8130-L8147" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8130-L8147" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5f97386dfde148942b7584aeb6512b85" logic_hash = "59de8a40a7081ee5fbea9f413590237c1da9985f2352b32571529baf38c93ddb" score = 75 @@ -285012,8 +285460,8 @@ rule SIGNATURE_BASE_Dbgntboot date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8148-L8160" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8148-L8160" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4d87543d4d7f73c1529c9f8066b475ab" logic_hash = "10f86f18aff4995928efb3c8000eca166fe37e6006de7938139cad718ff7653f" score = 75 
@@ -285037,8 +285485,8 @@ rule SIGNATURE_BASE_PHP_Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8161-L8173" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8161-L8173" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "45e8a00567f8a34ab1cccc86b4bc74b9" logic_hash = "a62061b2fa851f5798158198e26f188408f3f37dca69a85ca155777c0b8407ee" score = 75 @@ -285062,8 +285510,8 @@ rule SIGNATURE_BASE_Hxdef100 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8174-L8187" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8174-L8187" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "55cc1769cef44910bd91b7b73dee1f6c" logic_hash = "a2002dcddad7ffdbe9614723163016f9357347bb704640d3933ce4513c37d474" score = 75 
@@ -285088,8 +285536,8 @@ rule SIGNATURE_BASE_Rdrbs100 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8188-L8200" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8188-L8200" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7c752bcd6da796d80a6830c61a632bff" logic_hash = "8a427ef9e0ecd0c810913203aaef43647964f33658dfdca8195fce6f0545f8f4" score = 75 @@ -285113,8 +285561,8 @@ rule SIGNATURE_BASE_Mithril_Mithril date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8201-L8219" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8201-L8219" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "017191562d72ab0ca551eb89256650bd" logic_hash = "5d19eb4132a0401d226c9cffc927b2838e9c69428746296b55a488d097759587" score = 75 
@@ -285144,8 +285592,8 @@ rule SIGNATURE_BASE_Hxdef100_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8220-L8233" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8220-L8233" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1b393e2e13b9c57fb501b7cd7ad96b25" logic_hash = "d44131f6c1bfdc36079f474832a79a361dfad96d1b84f7004d682150c93eccc5" score = 75 @@ -285170,8 +285618,8 @@ rule SIGNATURE_BASE_Release_Dlltest date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8234-L8254" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8234-L8254" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "76a59fc3242a2819307bb9d593bef2e0" logic_hash = "ba759ae1bbde357085b2b2dfda0780b5a239a44b4e999244e8eceed246090ce3" score = 50 
@@ -285203,8 +285651,8 @@ rule SIGNATURE_BASE_Webadmin date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8255-L8266" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8255-L8266" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3a90de401b30e5b590362ba2dde30937" logic_hash = "6e215c3d8b8357b839416ee6951f7739387bb94aa1284ea7e827ae2205221294" score = 75 @@ -285227,8 +285675,8 @@ rule SIGNATURE_BASE_Commands date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8267-L8279" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8267-L8279" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "174486fe844cb388e2ae3494ac2d1ec2" logic_hash = "5251ee090934c8f99a8a2ffef2605593943306937dc56a135a47f1da7e732587" score = 75 
@@ -285252,8 +285700,8 @@ rule SIGNATURE_BASE_Hkdoordll date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8280-L8291" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8280-L8291" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b715c009d47686c0e62d0981efce2552" logic_hash = "a3c4d262b59cdf82390c0457810505e9e7a18c9b26ba4524bc368fd2141ec306" score = 75 @@ -285276,8 +285724,8 @@ rule SIGNATURE_BASE_R57Shell_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8292-L8303" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8292-L8303" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8023394542cddf8aee5dec6072ed02b5" logic_hash = "5319426928d33b62527efb561c2b7a226a5a473735f501b267e6b3b174972085" score = 75 
@@ -285300,8 +285748,8 @@ rule SIGNATURE_BASE_Mithril_V1_45_Dlltest date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8304-L8317" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8304-L8317" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1b9e518aaa62b15079ff6edb412b21e9" logic_hash = "cf1e2ca39ae6b726792bbbaf0f1dd90788a4bb9ba5e3d50c22d75f2b3d4e9e7d" score = 50 @@ -285326,8 +285774,8 @@ rule SIGNATURE_BASE_Dbgiis6Cli date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8318-L8330" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8318-L8330" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3044dceb632b636563f66fee3aaaf8f3" logic_hash = "f6de3c9b8fbcca230540d1b41659ab02c9548df69f53fa9d5730ac7bb7dfe88a" score = 75 
@@ -285351,8 +285799,8 @@ rule SIGNATURE_BASE_Remview_2003_04_22 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8331-L8342" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8331-L8342" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "17d3e4e39fbca857344a7650f7ea55e3" logic_hash = "2957f6ec7a022ac04759724276f6928625708346903597b0765b5e81207fc6b9" score = 75 @@ -285375,8 +285823,8 @@ rule SIGNATURE_BASE_FSO_S_Test date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8343-L8355" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8343-L8355" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "82cf7b48da8286e644f575b039a99c26" logic_hash = "62613bead716717f116290b1c9eca9aa63eadd280050811e30a54e5d186af2fc" score = 50 
@@ -285400,8 +285848,8 @@ rule SIGNATURE_BASE_Debug_Cress date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8356-L8368" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8356-L8368" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "36a416186fe010574c9be68002a7286a" logic_hash = "670e236e72d3cb52ea5dba865749baee58a70f8d100db1dd8eddfe3183339181" score = 75 @@ -285425,8 +285873,8 @@ rule SIGNATURE_BASE_Webshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8369-L8384" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8369-L8384" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f2f8c02921f29368234bfb4d4622ad19" logic_hash = "e3fdce426d2f6e88d8e9412a3026ea05d027af934763eafe0188602458c2289d" score = 75 
@@ -285453,8 +285901,8 @@ rule SIGNATURE_BASE_FSO_S_EFSO_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8385-L8397" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8385-L8397" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a341270f9ebd01320a7490c12cb2e64c" logic_hash = "462c713e5d4fb6d0db91b14bfacdca73f780559ba2dad80988c356ee1a3d369d" score = 75 @@ -285478,8 +285926,8 @@ rule SIGNATURE_BASE_Thelast_Index3 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8398-L8409" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8398-L8409" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cceff6dc247aaa25512bad22120a14b4" logic_hash = "3700141ca2cf53f49618e2d4cab8866efccdce843921f1733b3d6260b8feea68" score = 75 
@@ -285502,8 +285950,8 @@ rule SIGNATURE_BASE_Adjustcr date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8410-L8424" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8410-L8424" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "17037fa684ef4c90a25ec5674dac2eb6" logic_hash = "d2a86083ff5cb34a0453f812e2d316c63342e529f00099a8869fa7e0a43321ef" score = 75 @@ -285529,8 +285977,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Xishell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8425-L8436" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8425-L8436" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "997c8437c0621b4b753a546a53a88674" logic_hash = "13393bc72477ab9a4ebc16b409de8ed73e086cc41f25f34315d11401b63c2471" score = 75 
@@ -285553,8 +286001,8 @@ rule SIGNATURE_BASE_Hytop_Apppack_2005 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8437-L8448" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8437-L8448" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "63d9fd24fa4d22a41fc5522fc7050f9f" logic_hash = "0de4800291132efca24b40bebcc895d6873110214c8cbf8384317208e0d9db82" score = 75 @@ -285577,8 +286025,8 @@ rule SIGNATURE_BASE_Xssshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8449-L8460" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8449-L8460" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8fc0ffc5e5fbe85f7706ffc45b3f79b4" logic_hash = "6b0e602b523f58ec61850b4ba2e69da4fe4bf2833fb45e529785a398445db127" score = 75 
@@ -285601,8 +286049,8 @@ rule SIGNATURE_BASE_Felikspack3___PHP_Shells_Usr date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8461-L8472" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8461-L8472" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ade3357520325af50c9098dc8a21a024" logic_hash = "f5fd4a4c1b531b23b09505d302dc27d7ba2eb733fcf313c04ba9085b090f7cbe" score = 75 @@ -285625,8 +286073,8 @@ rule SIGNATURE_BASE_FSO_S_Phpinj date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8473-L8484" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8473-L8484" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dd39d17e9baca0363cc1c3664e608929" logic_hash = "de4ac200f5426ec4c6fef21d5fbc37281811569a3e71a9bcb6fa51d13eb600a4" score = 75 
@@ -285649,8 +286097,8 @@ rule SIGNATURE_BASE_Xssshell_Db date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8485-L8496" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8485-L8496" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cb62e2ec40addd4b9930a9e270f5b318" logic_hash = "3fdbaa17c12abef8576bf859065d90f4b6e80c187af734b71b26a1bd5d073e86" score = 75 @@ -285673,8 +286121,8 @@ rule SIGNATURE_BASE_PHP_Sh date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8497-L8508" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8497-L8508" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1e9e879d49eb0634871e9b36f99fe528" logic_hash = "da0b572f116cc5c55e8d7469f222896d602d09be4761a0e2139fc8ce67ac4050" score = 75 
@@ -285697,8 +286145,8 @@ rule SIGNATURE_BASE_Xssshell_Default date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8509-L8520" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8509-L8520" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d156782ae5e0b3724de3227b42fcaf2f" logic_hash = "6a8772a8a6399c3266abcc22a3c55eda70ec9703346398f5f1768bbd35974f8c" score = 75 @@ -285721,8 +286169,8 @@ rule SIGNATURE_BASE_Editserver_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8521-L8534" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8521-L8534" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5c1f25a4d206c83cdfb006b3eb4c09ba" logic_hash = "c581936928ce0f1061feb5665c743f14f12a9f875e360f40cc064f3047b23adf" score = 75 
@@ -285747,8 +286195,8 @@ rule SIGNATURE_BASE_By064Cli date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8535-L8547" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8535-L8547" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "10e0dff366968b770ae929505d2a9885" logic_hash = "51efd5c510efc6657ae175af47b09437ae70eb0237d88ffdf3cdae365d0ec7be" score = 75 @@ -285772,8 +286220,8 @@ rule SIGNATURE_BASE_Mithril_Dlltest date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8548-L8560" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8548-L8560" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a8d25d794d8f08cd4de0c3d6bf389e6d" logic_hash = "c8c8d1b75ed4eb4bc66a762e53aa6b3ab439e96ef464a8b9ffa4dff887986465" score = 50 
@@ -285797,8 +286245,8 @@ rule SIGNATURE_BASE_Peek_A_Boo date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8561-L8577" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8561-L8577" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "aca339f60d41fdcba83773be5d646776" logic_hash = "b103c1b873dd0df9626d72a1127fbadc821777a05012a080423263a2083c398b" score = 75 @@ -285826,8 +286274,8 @@ rule SIGNATURE_BASE_Fmlibraryv3 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8578-L8589" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8578-L8589" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c34c248fed6d5a20d8203924a2088acc" logic_hash = "a7dc83db26cdda757f626c42022c17bb2764074a3cc5f87b4a3aaa991fac5dc2" score = 75 
@@ -285850,8 +286298,8 @@ rule SIGNATURE_BASE_Debug_Dlltest_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8590-L8602" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8590-L8602" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1b9e518aaa62b15079ff6edb412b21e9" logic_hash = "bf260ce0f8d4728920679573cd77927b44db28ba6102923707af8d1ad7d0ef2d" score = 50 @@ -285875,8 +286323,8 @@ rule SIGNATURE_BASE_Connector date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8603-L8615" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8603-L8615" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3ba1827fca7be37c8296cd60be9dc884" logic_hash = "b8cadb7aa23a8cdef10e7b1eb05586d6c3e7c398958a80861b6f1ccd4edf1eca" score = 75 
@@ -285900,8 +286348,8 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Hiderun date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8616-L8628" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8616-L8628" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "45436d9bfd8ff94b71eeaeb280025afe" logic_hash = "3a6dea2314800b28e92b59595c8b79c64e66dc66ebfa8f89c2f4028b574b9a91" score = 75 @@ -285925,8 +286373,8 @@ rule SIGNATURE_BASE_PHP_Shell_V1_7 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8629-L8640" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8629-L8640" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b5978501c7112584532b4ca6fb77cba5" logic_hash = "e03904177309de9ce1afa0b12bf70913b106650c3db5807f9d4ccb91fb2ade77" score = 75 
@@ -285949,8 +286397,8 @@ rule SIGNATURE_BASE_Xssshell_Save date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8641-L8653" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8641-L8653" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "865da1b3974e940936fe38e8e1964980" logic_hash = "c53034c6ebc4f01c4573e688f548e71dae944913797b12eb8f22a5ef0a368ccf" score = 75 @@ -285974,8 +286422,8 @@ rule SIGNATURE_BASE_Screencap date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8654-L8667" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8654-L8667" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "51139091dea7a9418a50f2712ea72aa6" logic_hash = "9be7ec97ef8e9b8838f7931a8fcf8d85b1543a202a7bf34fab9791fc47889cb9" score = 75 
@@ -286000,8 +286448,8 @@ rule SIGNATURE_BASE_FSO_S_Phpinj_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8668-L8679" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8668-L8679" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dd39d17e9baca0363cc1c3664e608929" logic_hash = "12af5182b94f01ac4fbdee92c007556aaa7f196aca116575803cedd84b81f3b0" score = 75 @@ -286024,8 +286472,8 @@ rule SIGNATURE_BASE_Zxshell2_0_Rar_Folder_Zxrecv date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8680-L8697" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8680-L8697" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5d3d12a39f41d51341ef4cb7ce69d30f" logic_hash = "7eef63e45f6902e4f2d5f854b2794df3101a2ef145e2d627263db429c2b728d7" score = 75 
@@ -286054,8 +286502,8 @@ rule SIGNATURE_BASE_FSO_S_Ajan date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8698-L8709" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8698-L8709" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "22194f8c44524f80254e1b5aec67b03e" logic_hash = "a7766caae5845ce43cff2212c25fea9a78979d10c79d8c40290b5c1471b101cd" score = 75 @@ -286078,8 +286526,8 @@ rule SIGNATURE_BASE_C99Shell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8710-L8721" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8710-L8721" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "90b86a9c63e2cd346fe07cea23fbfc56" logic_hash = "a0fcc43a80ac4d059aea36da8b4b5a81c99a54f7c66c521697805ae890d66fe8" score = 75 
@@ -286102,8 +286550,8 @@ rule SIGNATURE_BASE_Phpspy_2005_Full date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8722-L8733" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8722-L8733" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d1c69bb152645438440e6c903bac16b2" logic_hash = "8561161726a49374a9bc3389fef593e5d68dc437552e06736a235412183bef45" score = 75 @@ -286126,8 +286574,8 @@ rule SIGNATURE_BASE_FSO_S_Zehir4_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8734-L8745" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8734-L8745" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5b496a61363d304532bcf52ee21f5d55" logic_hash = "bb10f2e28bb375366b9140c06bb242cd13fdb69e67ce72ecae0e50270566f116" score = 75 
@@ -286150,8 +286598,8 @@ rule SIGNATURE_BASE_FSO_S_Indexer_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8746-L8757" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8746-L8757" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "135fc50f85228691b401848caef3be9e" logic_hash = "8cf4c8fb1e985adbed2cf20578fcfc14240f6d9fe6062bbe3fe2f895f58bc172" score = 75 @@ -286174,8 +286622,8 @@ rule SIGNATURE_BASE_Hytop_Devpack_2005 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8758-L8771" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8758-L8771" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "63d9fd24fa4d22a41fc5522fc7050f9f" logic_hash = "b312cddff4c5292cc51acc39448c815fede3c9356d7d225c3a08c7124712b3f8" score = 75 
@@ -286200,8 +286648,8 @@ rule SIGNATURE_BASE__Root_040_Zip_Folder_Deploy date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8772-L8785" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8772-L8785" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2c9f9c58999256c73a5ebdb10a9be269" logic_hash = "9852b105e6a28f5500fc6739b196dd14b9b0b69b1077be4063735380b0699abb" score = 75 @@ -286225,8 +286673,8 @@ rule SIGNATURE_BASE_By063Cli date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8786-L8798" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8786-L8798" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "49ce26eb97fd13b6d92a5e5d169db859" logic_hash = "c89159b73232bc8fd7430b3330009f4b3eb25b9511515bc9b4cd433f7a67f30e" score = 75 
@@ -286250,8 +286698,8 @@ rule SIGNATURE_BASE_Icyfox007V1_10_Rar_Folder_Asp date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8799-L8810" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8799-L8810" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2c412400b146b7b98d6e7755f7159bb9" logic_hash = "3cc36668f0a2a6807b59c7da0b6e504b519a616ab63fb9f606eba5dc4a9e7e2f" score = 75 @@ -286274,8 +286722,8 @@ rule SIGNATURE_BASE_Byshell063_Ntboot_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8812-L8823" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8812-L8823" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cb9eb5a6ff327f4d6c46aacbbe9dda9d" logic_hash = "25df29000bb410c0ba1fec78920124f6eedbc2585541536239522d2b116270ab" score = 75 
@@ -286298,8 +286746,8 @@ rule SIGNATURE_BASE_U_Uay date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8824-L8836" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8824-L8836" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "abbc7b31a24475e4c5d82fc4c2b8c7c4" logic_hash = "45e8938ce34fd5a253cee3867aa8c4429c6bf3fcc91098ed9df3f95656bc5f8f" score = 75 @@ -286323,8 +286771,8 @@ rule SIGNATURE_BASE_Bin_Wuaus date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8837-L8853" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8837-L8853" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "46a365992bec7377b48a2263c49e4e7d" logic_hash = "0509ca39662430c3ababf65ca3a6e9af95250163980829d90eddf5341168c864" score = 75 
@@ -286352,8 +286800,8 @@ rule SIGNATURE_BASE_Pwreveal date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8854-L8868" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8854-L8868" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b4e8447826a45b76ca45ba151a97ad50" logic_hash = "01c9582897c65e608d49a151fe9ade97b9a031d7d10f5fd4b4d0c2a3fd83e7b6" score = 75 @@ -286379,8 +286827,8 @@ rule SIGNATURE_BASE_Shelltools_G0T_Root_Xwhois date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8869-L8883" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8869-L8883" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0bc98bd576c80d921a3460f8be8816b4" logic_hash = "75ee56dae5fde75ae4dc4bba835a96016781b747f3cff0dc6d52e665463a6070" score = 75 
@@ -286406,8 +286854,8 @@ rule SIGNATURE_BASE_Vanquish_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8884-L8895" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8884-L8895" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2dcb9055785a2ee01567f52b5a62b071" logic_hash = "428dc4e6d8bcc888e6f99f69ee9f211aa029d3486b99b9716d09709dc391d9a2" score = 75 @@ -286430,8 +286878,8 @@ rule SIGNATURE_BASE_Down_Rar_Folder_Down date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8896-L8907" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8896-L8907" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "db47d7a12b3584a2e340567178886e71" logic_hash = "bc666d6333d49a2b01553e1946fc304195193b9be92e26805474e64da61455da" score = 75 
@@ -286454,8 +286902,8 @@ rule SIGNATURE_BASE_Cmdshell date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8908-L8919" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8908-L8919" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8a9fef43209b5d2d4b81dfbb45182036" logic_hash = "5e7c7537b355b162d58b8bce570b1f94a8e6b479856685a245ffaed8f9482680" score = 75 @@ -286478,8 +286926,8 @@ rule SIGNATURE_BASE_Zxshell2_0_Rar_Folder_Nc date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8920-L8934" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8920-L8934" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2cd1bf15ae84c5f6917ddb128827ae8b" logic_hash = "6106758aedb33f8983f387a58fcd815c47f793cd2a7ea3b0ebed13dd1d5b6e83" score = 75 
@@ -286505,8 +286953,8 @@ rule SIGNATURE_BASE_Portlessinst date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8935-L8948" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8935-L8948" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "74213856fc61475443a91cd84e2a6c2f" logic_hash = "72ca80de2ad2048d1fcbbffeebd0e4fd7d9d47d6736360674e6a85ef9943abe8" score = 75 @@ -286531,8 +286979,8 @@ rule SIGNATURE_BASE_Setupbdoor date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8949-L8960" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8949-L8960" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "41f89e20398368e742eda4a3b45716b6" logic_hash = "b4b6a0e4b9f8975d769d340a420af37dbc344d32c72447a8c56b05e985e6d806" score = 75 
@@ -286555,8 +287003,8 @@ rule SIGNATURE_BASE_Phpshell_3 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8961-L8973" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8961-L8973" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e8693a2d4a2ffea4df03bb678df3dc6d" logic_hash = "b86fa40fd7bbcae86926182882faa226530e44c20bc611b8433a7da7f012106c" score = 75 @@ -286580,8 +287028,8 @@ rule SIGNATURE_BASE_BIN_Server date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8974-L8990" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8974-L8990" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1d5aa9cbf1429bb5b8bf600335916dcd" logic_hash = "34f9d78e0f61717fae2945e7a833c2c6d59e28035ee95da2c5d32b4e196bc957" score = 75 
@@ -286609,8 +287057,8 @@ rule SIGNATURE_BASE_Hytop2006_Rar_Folder_2006 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L8991-L9002" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L8991-L9002" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c19d6f4e069188f19b08fa94d44bc283" logic_hash = "536232bbdd21bddb88eefe06a82927abcdd3ed10404c052957896960a6d10932" score = 75 @@ -286633,8 +287081,8 @@ rule SIGNATURE_BASE_R57Shell_3 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9003-L9014" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9003-L9014" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "87995a49f275b6b75abe2521e03ac2c0" logic_hash = "0fdca080c7ce57b7bd818a968840aebf3c5c74f188ed062fec794bfadb4e75b0" score = 75 
@@ -286657,8 +287105,8 @@ rule SIGNATURE_BASE_Hdconfig date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9015-L9030" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9015-L9030" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7d60e552fdca57642fd30462416347bd" logic_hash = "9001f79db15548cf3ca931d0043d078db7d900ab26093afbf5cd44d0a85800f4" score = 60 @@ -286685,8 +287133,8 @@ rule SIGNATURE_BASE_FSO_S_Ajan_2 date = "2025-07-07" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9031-L9043" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9031-L9043" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "22194f8c44524f80254e1b5aec67b03e" logic_hash = "0ac31ee735c94289932369dfba5b408cbf71cc23fd48ce3e09dc7ce640a0d733" score = 75 
@@ -286710,8 +287158,8 @@ rule SIGNATURE_BASE_Webshell_And_Exploit_CN_APT_HK : WEBSHELL date = "2014-10-10" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9045-L9060" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9045-L9060" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ec3f1e985585e1bf77a46e971a20cd127064a64467761a5a570548dd63ec57e2" score = 50 quality = 85 @@ -286735,8 +287183,8 @@ rule SIGNATURE_BASE_JSP_Browser_APT_Webshell date = "2014-10-10" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9062-L9076" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9062-L9076" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a352bf394f1b4f70218650758db39225a5a505656299405ccd077592d29480a7" score = 60 quality = 85 
@@ -286760,8 +287208,8 @@ rule SIGNATURE_BASE_JSP_Jfigueiredo_APT_Webshell date = "2014-12-10" modified = "2025-07-07" reference = "http://ceso.googlecode.com/svn/web/bko/filemanager/Browser.jsp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9078-L9091" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9078-L9091" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7efaca469d09ce7ecba4ed38cb0b07d1b9fc4f45172d2ffb6f5d3259c000fdc5" score = 60 quality = 85 @@ -286783,8 +287231,8 @@ rule SIGNATURE_BASE_JSP_Jfigueiredo_APT_Webshell_2 date = "2014-12-10" modified = "2025-07-07" reference = "http://ceso.googlecode.com/svn/web/bko/filemanager/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9093-L9108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9093-L9108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f7fa5872d8eb4ba1d0b26d966d7650d70b1a10c56945d5a5340b8e1cb5d0f5f0" score = 60 quality = 85 
@@ -286808,8 +287256,8 @@ rule SIGNATURE_BASE_Webshell_Insomnia date = "2014-12-09" modified = "2025-07-07" reference = "http://www.darknet.org.uk/2014/12/insomniashell-asp-net-reverse-shell-bind-shell/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9110-L9131" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9110-L9131" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e0cfb2ffaa1491aeaf7d3b4ee840f72d42919d22" logic_hash = "d170c60f94092a38ba4af92283debd059eef2e4c683fd7737ffd60d1a2581d9c" score = 80 @@ -286839,8 +287287,8 @@ rule SIGNATURE_BASE_Hawkeye_PHP_Panel : FILE date = "2014-12-14" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9133-L9148" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9133-L9148" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e29b6df4e3aa3892b10e68218320ac76cecb5a1bbe6c48f2276014b972cbbdd8" score = 60 quality = 85 
@@ -286865,8 +287313,8 @@ rule SIGNATURE_BASE_Soaksoak_Infected_Wordpress date = "2014-12-15" modified = "2025-07-07" reference = "http://goo.gl/1GzWUX" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9150-L9165" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9150-L9165" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4cba18a0d14be2795d71a1973265a1742beda57636f64c1974001ecf70e3e91d" score = 60 quality = 85 @@ -286890,8 +287338,8 @@ rule SIGNATURE_BASE_Pastebin_Webshell date = "2015-01-13" modified = "2025-07-07" reference = "http://goo.gl/7dbyZs" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9167-L9189" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9167-L9189" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e71429e9280c37a90ee77be888ae743a86521d3632afc4eeec480b82a22a1445" score = 70 quality = 85 
@@ -286920,8 +287368,8 @@ rule SIGNATURE_BASE_Aspxspy2 date = "2015-01-24" modified = "2025-07-07" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9191-L9217" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9191-L9217" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5642387d92139bfe9ae11bfef6bfe0081dcea197" logic_hash = "59c88f8e2542dcde4bf5123147ea2c1ca408925ca966f3f34a4692a3ba7a0935" score = 75 @@ -286957,8 +287405,8 @@ rule SIGNATURE_BASE_Webshell_27_9_C66_C99 : FILE date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9228-L9253" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9228-L9253" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "71ae0a3843151a2eec913f62167b23cf9e0c759b18ebe0759174d3503fb23717" score = 70 quality = 85 
@@ -286992,8 +287440,8 @@ rule SIGNATURE_BASE_Webshell_Acid_Antisecshell_3 : FILE date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9255-L9287" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9255-L9287" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c8c3fcde7afdafe8ead59e24e432fdd4ccae99f96f67b4be3e5a9cd74ff9b2e7" score = 70 quality = 85 @@ -287034,8 +287482,8 @@ rule SIGNATURE_BASE_Webshell_C99_4 : FILE date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9289-L9320" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9289-L9320" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa095d8da737e24a913eeadaca2882475366bf5cf0911dd9ff44aaa04871cc0f" score = 70 quality = 85 
@@ -287075,8 +287523,8 @@ rule SIGNATURE_BASE_Webshell_R57Shell_2 : FILE date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9322-L9349" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9322-L9349" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2af51c3d181801b14d5dbb3107cd78cf7ab4a590b7967f231ec707b7ee03fa26" score = 70 quality = 85 @@ -287112,8 +287560,8 @@ rule SIGNATURE_BASE_Webshell_27_9_Acid_C99_Locus7S : FILE date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9351-L9373" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9351-L9373" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3005c09dfcb1f2e33a09ed73e28ef889c74e1f5daf619dd272e0b9b30cdb0f94" score = 70 quality = 85 
@@ -287144,8 +287592,8 @@ rule SIGNATURE_BASE_Webshell_Backdoor_PHP_Agent_R57_Mod_Bizzz_Shell_R57 : FILE date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9375-L9400" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9375-L9400" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "51660ea25d1b2290c0ca30377dbf378cac8d7b7650603f1dbe5b7914c530d5cf" score = 70 quality = 85 @@ -287179,8 +287627,8 @@ rule SIGNATURE_BASE_Webshell_C100 : FILE date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9402-L9426" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9402-L9426" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cc8c59f70f5ec6c89812b1597e9b864e358593ea5782e359cd483dee1a84b28b" score = 70 quality = 85 
@@ -287213,8 +287661,8 @@ rule SIGNATURE_BASE_Webshell_Acidpoison : FILE date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9428-L9451" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9428-L9451" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "31add38bcdc33d5e4b825bfa18ff1a47d5aa5aaeebd8e3adac533c471aa30629" score = 70 quality = 85 @@ -287246,8 +287694,8 @@ rule SIGNATURE_BASE_Webshell_Acid_Fatalisticz_Fx_Fx_P0Ison_Sh3Ll_X0Rg_Byp4Ss_256 date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9453-L9472" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9453-L9472" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "07cd255247c9a77b1c9b6049a2b96632252ea9572880b10991c6797c14a05d48" score = 70 quality = 85 
@@ -287275,8 +287723,8 @@ rule SIGNATURE_BASE_Webshell_Ayyildiz : FILE date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9474-L9493" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9474-L9493" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8441b7d730e337e002eeb7ae8f489e405409ddbe62f45bbc9a74c935d1d9fe66" score = 70 quality = 85 @@ -287304,8 +287752,8 @@ rule SIGNATURE_BASE_Webshell_Zehir : FILE date = "2016-01-11" modified = "2025-07-07" reference = "https://github.com/nikicat/web-malware-collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9495-L9514" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9495-L9514" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c8fda66ada3581d2471b322ae65032b68c69b882c29f7469dd2ed78800c9c5f7" score = 70 quality = 85 
@@ -287333,8 +287781,8 @@ rule SIGNATURE_BASE_Uploadshell_98038F1Efa4203432349Badabad76D44337319A6 : FILE date = "2016-09-10" modified = "2025-07-07" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9525-L9540" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9525-L9540" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "68f0de84a387a9af1a32dd8d38c66b002e16e1c954a51e6bc307580180faedbf" score = 75 quality = 85 @@ -287359,8 +287807,8 @@ rule SIGNATURE_BASE_Dkshell_F0772Be3C95802A2D1E7A4A3F5A45Dcdef6997F3 : FILE date = "2016-09-10" modified = "2025-07-07" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9542-L9556" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9542-L9556" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "81b0a08d1b9d3640e656a5cd08b79c0a2f940a2db5c2d939d19509f993514e86" score = 75 quality = 85 
@@ -287384,8 +287832,8 @@ rule SIGNATURE_BASE_Unknown_8Af033424F9590A15472A23Cc3236E68070B952E : FILE date = "2016-09-10" modified = "2025-07-07" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9558-L9573" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9558-L9573" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d7dc9a2a5e0800b5061cb2101d7cda023a6e637f1e7b14054fdb6a0b2cec6084" score = 75 quality = 85 @@ -287410,8 +287858,8 @@ rule SIGNATURE_BASE_Dkshell_4000Bd83451F0D8501A9Dfad60Dce39E55Ae167D : FILE date = "2016-09-10" modified = "2025-07-07" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9575-L9593" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9575-L9593" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "26d586e32d1b0b7800b4b61f592dadc3dd0583628e4cd3fa4e24e02067077da5" score = 75 quality = 85 
@@ -287438,8 +287886,8 @@ rule SIGNATURE_BASE_Webshell_5786D7D9F4B0Df731D79Ed927Fb5A124195Fc901 : FILE date = "2016-09-10" modified = "2025-07-07" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9595-L9609" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9595-L9609" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "348ccdf997965fbea791d835f1dd4e2c16d37a17ff4195e585fa4226f18faad6" score = 75 quality = 85 @@ -287463,8 +287911,8 @@ rule SIGNATURE_BASE_Webshell_E8Eaf8Da94012E866E51547Cd63Bb996379690Bf : FILE date = "2016-09-10" modified = "2025-07-07" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9611-L9626" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9611-L9626" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "044491f0b07ef606aa76e70a07d161565f9cecf73e8f9f8db63cacc1c475b056" score = 75 quality = 85 
@@ -287489,8 +287937,8 @@ rule SIGNATURE_BASE_Unknown_0F06C5D1B32F4994C3B3Abf8Bb76D5468F105167 : FILE date = "2016-09-10" modified = "2025-07-07" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9628-L9643" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9628-L9643" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6f4bdf8aecd527335c29a8e964c7d8688c3e77419595d3fd10a6cf3704711816" score = 75 quality = 85 @@ -287515,8 +287963,8 @@ rule SIGNATURE_BASE_Wsoshell_0Bbebaf46F87718Caba581163D4Beed56Ddf73A7 : FILE date = "2016-09-10" modified = "2025-07-07" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9645-L9659" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9645-L9659" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bf5090fb909fea690c8a2af3cca35136eda3b9773976189158c25fb8877cc266" score = 75 quality = 85 
@@ -287540,8 +287988,8 @@ rule SIGNATURE_BASE_Webshell_Generic_1609_A : FILE date = "2016-09-10" modified = "2025-07-07" reference = "https://github.com/bartblaze/PHP-backdoors" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9661-L9676" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9661-L9676" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e5a4bba3a7b1c712203fcc8b85e4089b0ff18a26e96f5a04529616dbfb9de651" score = 75 quality = 85 @@ -287566,8 +288014,8 @@ rule SIGNATURE_BASE_Nishang_Webshell : FILE date = "2016-09-11" modified = "2025-07-07" reference = "https://github.com/samratashok/nishang" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9678-L9693" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9678-L9693" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b8a3c8e80a4e41e556e2d65df4126d84723ded6ca623302afc4cc328bded346c" score = 75 quality = 85 
@@ -287592,8 +288040,8 @@ rule SIGNATURE_BASE_PHP_Webshell_1_Feb17 : FILE date = "2017-02-28" modified = "2025-07-07" reference = "https://isc.sans.edu/diary/Analysis+of+a+Simple+PHP+Backdoor/22127" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9705-L9726" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9705-L9726" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c8576b20ec3f81b3ef0aa5a508c94e07d591d68767cb4598ad10778b4305915d" score = 75 quality = 85 @@ -287621,8 +288069,8 @@ rule SIGNATURE_BASE_Webshell_Tiny_JSP_2 : FILE date = "2015-12-05" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9728-L9740" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9728-L9740" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6fd514df9d53293a8cfd4b9c807f993558e39979592aa221f18cd76079c00fb7" score = 100 quality = 85 
@@ -287644,8 +288092,8 @@ rule SIGNATURE_BASE_Wordpress_Config_Webshell_Preprend : FILE date = "2017-06-25" modified = "2025-07-07" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9752-L9774" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9752-L9774" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "97d7b85fa191380fe8b26ea60c8735a8f7179acc3a496ff0fc0dc5eefde2fe8a" score = 65 quality = 85 @@ -287670,8 +288118,8 @@ rule SIGNATURE_BASE_PAS_Webshell_Encoded : FILE date = "2017-07-11" modified = "2025-07-07" reference = "http://blog.talosintelligence.com/2017/07/the-medoc-connection.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9785-L9820" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9785-L9820" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "59f4f8caa60c2367b46f6af1aefa62e03e228b382ff58be3a27dad527a685eca" score = 80 quality = 85 
@@ -287703,8 +288151,8 @@ rule SIGNATURE_BASE_ALFA_SHELL : FILE date = "2017-09-21" modified = "2025-07-07" reference = "Internal Research - APT33" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9832-L9850" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9832-L9850" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "651568b2b95c9e5c2b60fb3245e5afe4290235979e3df15bad96ccd08ae234ef" score = 75 quality = 85 @@ -287732,8 +288180,8 @@ rule SIGNATURE_BASE_Webshell_FOPO_Obfuscation_APT_ON_Nov17_1 : FILE date = "2017-11-17" modified = "2025-07-07" reference = "Internal Research - ON" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9852-L9871" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9852-L9871" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3c5bc3ee0218d4ce6902e49d7f938264ecd158f1f458e2fcef878f06f003ed08" score = 75 quality = 85 
@@ -287758,8 +288206,8 @@ rule SIGNATURE_BASE_Webshell_Jexboss_JSP_1 : FILE date = "2018-11-08" modified = "2025-07-07" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9873-L9890" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9873-L9890" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f540bbc88bffd0c961837416bd5166fd3cb54b6124ffffbf1cd60e49ab01bd30" score = 75 quality = 85 @@ -287785,8 +288233,8 @@ rule SIGNATURE_BASE_Webshell_Jexboss_WAR_1 : FILE date = "2018-11-08" modified = "2025-07-07" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9892-L9915" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9892-L9915" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ee9cb22496d2e36d215caa9c7e295b41cb8434322a0097bbc3d1a365dce0c156" score = 75 quality = 85 
@@ -287819,8 +288267,8 @@ rule SIGNATURE_BASE_Webshell_Tinyasp : FILE date = "2019-01-09" modified = "2025-07-07" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9917-L9928" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9917-L9928" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d8b7db89ea623d5bcf14476779df727827cfc752d4c6ba4208445fd7305e6943" score = 75 quality = 83 @@ -287842,8 +288290,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Mar21_1 : FILE date = "2021-03-12" modified = "2025-07-07" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-webshells.yar#L9930-L9955" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-webshells.yar#L9930-L9955" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "acc0d67326d1f764d6fc54681b38f491c55968ec34e40d181426cfcf418eeb21" score = 75 quality = 83 
@@ -287876,8 +288324,8 @@ rule SIGNATURE_BASE_Indetectables_RAT : FILE date = "2015-10-01" modified = "2023-12-05" reference = "http://www.sekoia.fr/blog/when-a-brazilian-string-smells-bad/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_indetectables_rat.yar#L8-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_indetectables_rat.yar#L8-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "840a0c92ac731d9e88d0bdccb39598e4ff476e8630ec08f6c4024a31e258ebd0" score = 75 quality = 85 @@ -287912,8 +288360,8 @@ rule SIGNATURE_BASE_Bergsilva_Malware : FILE date = "2015-10-01" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_indetectables_rat.yar#L35-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_indetectables_rat.yar#L35-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "03b823040a057ffbef9bcb3094a672fd75e141f3e82c77548adbe1c465d329fb" score = 75 quality = 85 
@@ -287944,8 +288392,8 @@ rule SIGNATURE_BASE_Apt28_Win_Zebrocy_Golang_Loader_Modified : FILE date = "2018-12-25" modified = "2023-12-05" reference = "https://www.vkremez.com/2018/12/lets-learn-progression-of-apt28sofacy.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_zebrocy.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_zebrocy.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "799f4457eb2bdeeb7c9383e2b4e9572a41d9adbfe4a1a9c3b0fa1c9fc6077e40" score = 75 quality = 79 @@ -287976,8 +288424,8 @@ rule SIGNATURE_BASE_Silence_Malware_1 : FILE date = "2017-11-01" modified = "2023-12-05" reference = "https://securelist.com/the-silence/83009/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_silence.yar#L13-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_silence.yar#L13-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b88795268c080fe19f7e185d1542b520616fe6c00bae23a99981aa1ee8abacb3" score = 75 quality = 85 
@@ -288008,8 +288456,8 @@ rule SIGNATURE_BASE_Silence_Malware_2 : FILE date = "2017-11-01" modified = "2023-12-05" reference = "https://securelist.com/the-silence/83009/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_silence.yar#L40-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_silence.yar#L40-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8cb6320eac984b7a332c1c84582a7ca7e90d409e518106c4e7655948f6863889" score = 75 quality = 85 @@ -288038,8 +288486,8 @@ rule SIGNATURE_BASE_SUSP_Bad_PDF : FILE date = "2018-05-03" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_bad_pdf.yar#L1-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_bad_pdf.yar#L1-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "59b159aaccf5c3b64fee17831c1e3a1ca99b60dbb725ad25a4ddad47cdc442d7" score = 65 quality = 85 
@@ -288063,8 +288511,8 @@ rule SIGNATURE_BASE_EXPL_Manageengine_CVE_2022_47966_Jan23_1 date = "2023-01-13" modified = "2023-12-05" reference = "https://www.horizon3.ai/manageengine-cve-2022-47966-iocs/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_manageengine_jan23.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_manageengine_jan23.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a62064e4f12632ba6c14cbbd9369ee919536334f19021a177c126b5dff7e568c" score = 75 quality = 85 @@ -288085,8 +288533,8 @@ rule SIGNATURE_BASE_Apt_CN_Tetris_JS_Advanced_1 : FILE date = "2020-09-06" modified = "2023-12-05" reference = "https://imp0rtp3.wordpress.com/2021/08/12/tetris" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_tetris.yar#L2-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_tetris.yar#L2-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ec4ba53fea05c5331ed900b8c7da4cddd4ab64e87dfc165ac18d72d22f754d87" score = 75 quality = 85 
@@ -288113,8 +288561,8 @@ rule SIGNATURE_BASE_Apt_CN_Tetrisplugins_JS : FILE date = "2020-09-06" modified = "2023-12-05" reference = "https://imp0rtp3.wordpress.com/2021/08/12/tetris" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_tetris.yar#L34-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_tetris.yar#L34-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa77d622584e79c86139b9c0f0b8ff46fc10461d0776e46c93490b6bb667afcf" score = 75 quality = 60 @@ -288175,8 +288623,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Implantstrings : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hellsing_kaspersky.yar#L2-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hellsing_kaspersky.yar#L2-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d62dc766a40d1dc7044cc5c9f07a78d36e231b771fafb52442b26514f4c603db" score = 75 quality = 85 
@@ -288213,8 +288661,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Installer : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hellsing_kaspersky.yar#L31-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hellsing_kaspersky.yar#L31-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "556898e9507835d93e2cf7e21e997b6e64dc154ac675b429f5f8226bf929309c" score = 75 quality = 85 @@ -288248,8 +288696,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Proxytool : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hellsing_kaspersky.yar#L56-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hellsing_kaspersky.yar#L56-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8f2656e7b4e6fb5336fb4e39bcec3e99531db532f757b65e3aa12cd2a4334840" score = 50 quality = 85 
@@ -288277,8 +288725,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Xkat : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hellsing_kaspersky.yar#L76-L97" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hellsing_kaspersky.yar#L76-L97" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ba74ca11c96e59a04f1cb57b4866df7a581ad94ca81230f2ca5068c8808297aa" score = 75 quality = 85 @@ -288312,8 +288760,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Msgertype2 : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hellsing_kaspersky.yar#L99-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hellsing_kaspersky.yar#L99-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "232e4dfd8d236da223240d9a4ec3f8bfa635d51d7376ff19dfa5579af31fc47f" score = 75 quality = 85 
@@ -288341,8 +288789,8 @@ rule SIGNATURE_BASE_Apt_Hellsing_Irene : FILE date = "2015-04-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hellsing_kaspersky.yar#L119-L137" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hellsing_kaspersky.yar#L119-L137" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e7da04083468dba7045b55181642d7cd57d543fbeda24685ba2ac63799740798" score = 75 quality = 85 @@ -288370,8 +288818,8 @@ rule SIGNATURE_BASE_Win_Privesc_Gp3Finder_V4_0 : FILE date = "2016-06-02" modified = "2023-12-05" reference = "http://grimhacker.com/2015/04/10/gp3finder-group-policy-preference-password-finder/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_win_privesc.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_win_privesc.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7d5618315ae5293ce1aea18d255d08bb007f39a466021fb636605684433da158" score = 80 quality = 60 
@@ -288396,8 +288844,8 @@ rule SIGNATURE_BASE_Win_Privesc_Folderperm date = "2016-06-02" modified = "2023-12-05" reference = "http://www.greyhathacker.net/?p=738" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_win_privesc.yar#L28-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_win_privesc.yar#L28-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "899fda75e4c6d9f588767e5170dbd30241a492ba89f7cc1b0ad4adb2fcd173cb" score = 80 quality = 85 @@ -288422,8 +288870,8 @@ rule SIGNATURE_BASE_Win_Privesc_Adaclscan4_3 date = "2016-06-02" modified = "2023-12-05" reference = "https://adaclscan.codeplex.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_win_privesc.yar#L46-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_win_privesc.yar#L46-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ca657e5c4172d240f46a890fc112ee89d5bdf9e35e7d412332ee11bdaf166215" score = 60 quality = 85 
@@ -288449,8 +288897,8 @@ rule SIGNATURE_BASE_MAL_Cryprat_Jan19_1 : FILE date = "2019-01-07" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_cryp_rat.yar#L3-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_cryp_rat.yar#L3-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "69f8a581bae1a2c411e09e8fe01a979645ef897038af868d8e9f2a2ce9188080" score = 90 quality = 85 @@ -288472,8 +288920,8 @@ rule SIGNATURE_BASE_Git_CVE_2017_9800_Poc : CVE_2017_9800 FILE date = "2017-08-11" modified = "2023-12-05" reference = "https://twitter.com/mzbat/status/895811803325898753" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_9800.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_9800.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1cfd0c5cb255d3ca63917c41c092df70d68b04f5d210a66abd5e35e509ff4beb" score = 60 quality = 85 
@@ -288497,8 +288945,8 @@ rule SIGNATURE_BASE_Mal_Dropper_Httpexe_From_CAB : FILE date = "2016-05-25" modified = "2023-12-05" reference = "https://goo.gl/13Wgy1" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_danti_svcmondr.yar#L10-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_danti_svcmondr.yar#L10-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d114a3ab348bba49a78852b87b712908bc974bf35a2b841099a232e761cad8f2" score = 60 quality = 85 @@ -288522,8 +288970,8 @@ rule SIGNATURE_BASE_Mal_Http_EXE : FILE date = "2016-05-25" modified = "2023-01-27" reference = "https://goo.gl/13Wgy1" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_danti_svcmondr.yar#L27-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_danti_svcmondr.yar#L27-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0e28b64bbfd2b6d40f4bd82373624d22df3d5c45c22d7155747f0ff33976207d" score = 80 quality = 85 
@@ -288561,8 +289009,8 @@ rule SIGNATURE_BASE_Mal_Potplayer_DLL : FILE date = "2016-05-25" modified = "2023-12-05" reference = "https://goo.gl/13Wgy1" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_danti_svcmondr.yar#L60-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_danti_svcmondr.yar#L60-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1d1b68fa8de2e4ddfa71cbcd5e166181370172cc8a3167ade2da393e4f7998f1" score = 70 quality = 85 @@ -288587,8 +289035,8 @@ rule SIGNATURE_BASE_Mywscript_Compiledscript : FILE date = "2017-07-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mywscript_dropper.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mywscript_dropper.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5619de9589e3d34026bf4ec223f2c6b94fcb7362c8f3c26f7582030cfc4385cf" score = 65 quality = 85 
@@ -288613,8 +289061,8 @@ rule SIGNATURE_BASE_Win32_Buzus_Softpulse : FILE date = "2015-05-13" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_buzus_softpulse.yar#L2-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_buzus_softpulse.yar#L2-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2f6df200e63a86768471399a74180466d2e99ea9" logic_hash = "49625594db57e9d629860970c20493b76e554addc2edb41adba64673a820a94b" score = 75 @@ -288643,8 +289091,8 @@ rule SIGNATURE_BASE_APT_UNC5221_Ivanti_Forensicartifacts_Jan24_1 : FILE date = "2024-01-11" modified = "2024-04-24" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_report_ivanti_mandiant_jan24.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_report_ivanti_mandiant_jan24.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7f485f41072f5584dc76e71564e13066d9fe41685f33bff9c2886fa7d2155f94" score = 75 quality = 85 
@@ -288667,8 +289115,8 @@ rule SIGNATURE_BASE_M_Hunting_Backdoor_ZIPLINE_1 : FILE date = "2024-01-11" modified = "2024-04-24" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_report_ivanti_mandiant_jan24.yar#L18-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_report_ivanti_mandiant_jan24.yar#L18-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "41857ba465dd1f2e1aa8c1eed36b73606385eeedf233fd480bb8a4ef15499174" score = 75 quality = 85 @@ -288694,8 +289142,8 @@ rule SIGNATURE_BASE_M_Hunting_Dropper_WIREFIRE_1 : FILE date = "2024-01-11" modified = "2024-04-24" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_report_ivanti_mandiant_jan24.yar#L40-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_report_ivanti_mandiant_jan24.yar#L40-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6de651357a15efd01db4e658249d4981" logic_hash = "c389a666bd093cdd7700385da43c8fa58b9f3d899e658c516df0f3aca439401d" score = 75 
@@ -288721,8 +289169,8 @@ rule SIGNATURE_BASE_M_Hunting_Webshell_LIGHTWIRE_2 : FILE date = "2024-01-11" modified = "2024-01-12" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_report_ivanti_mandiant_jan24.yar#L60-L81" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_report_ivanti_mandiant_jan24.yar#L60-L81" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3d97f55a03ceb4f71671aa2ecf5b24e9" logic_hash = "37b22a6c45dd53bc7b3f0c75cc5072e990246fea24591d192176c0b496e92084" score = 75 @@ -288748,8 +289196,8 @@ rule SIGNATURE_BASE_M_Hunting_Dropper_THINSPOOL_1 : FILE date = "2024-01-11" modified = "2024-04-24" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_report_ivanti_mandiant_jan24.yar#L83-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_report_ivanti_mandiant_jan24.yar#L83-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "677c1aa6e2503b56fe13e1568a814754" logic_hash = "a8043822cd36a802ba6656c42085f09d67cedb0689c9da48438d788b320bd6c0" score = 75 
@@ -288774,8 +289222,8 @@ rule SIGNATURE_BASE_M_Hunting_Credtheft_WARPWIRE_1 : FILE date = "2024-01-11" modified = "2024-04-24" reference = "https://www.mandiant.com/resources/blog/suspected-apt-targets-ivanti-zero-day" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_report_ivanti_mandiant_jan24.yar#L102-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_report_ivanti_mandiant_jan24.yar#L102-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d0c7a334a4d9dcd3c6335ae13bee59ea" logic_hash = "8029df5998166ab3db3319b0dd765ef3356b4b44dc16d2d418015a0f7ffac97e" score = 75 @@ -288801,8 +289249,8 @@ rule SIGNATURE_BASE_PUP_Computraceagent : FILE date = "2018-05-01" modified = "2023-12-05" reference = "https://asert.arbornetworks.com/lojack-becomes-a-double-agent/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fancybear_computrace_agent.yar#L1-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fancybear_computrace_agent.yar#L1-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "65e964e68be1e286ab3aa39677e250cf5994a7a08d0f6db286c0260cf77d6c48" score = 75 quality = 85 
@@ -288825,8 +289273,8 @@ rule SIGNATURE_BASE_Trojan_Win32_Adupib_1 : PLATINUM date = "2016-04-12" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ms_platinum.yara#L101-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ms_platinum.yara#L101-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d3ad0933e1b114b14c2b3a2c59d7f8a95ea0bcbd" logic_hash = "4d93b6a041468b51763d9497acf3d01ee59ac05f1807a6b140c557ef96d26df9" score = 75 @@ -288855,8 +289303,8 @@ rule SIGNATURE_BASE_Apt_Win32_Dll_Rat_1A53B0Cp32E46G0Qio7 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fidelissecurity.com/sites/default/files/FTA_1020_Fidelis_Inocnation_FINAL.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_inocnation.yar#L1-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_inocnation.yar#L1-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "824997d8c8845838420f226b60de544f33a50327fa67aea472de6eaf1b6b4492" score = 75 quality = 85 
@@ -288888,8 +289336,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_DLL_Nov23_1 : CVE_2023_4966 FILE date = "2023-11-23" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6788d37301bb82bd4d9584e192e2fb14d4f6c77801b70299097d8ba139219394" score = 80 quality = 85 @@ -288917,8 +289365,8 @@ rule SIGNATURE_BASE_MAL_Trojan_DLL_Nov23 : CVE_2023_4966 FILE date = "2023-11-23" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L24-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L24-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9be42742711b4d0440244b507945e074b61c456588580b3263f899a7eb84d8aa" score = 80 quality = 85 
@@ -288942,8 +289390,8 @@ rule SIGNATURE_BASE_MAL_DLL_Stealer_Nov23 : CVE_2023_4966 FILE date = "2023-11-23" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L41-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L41-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7d0c46d855973cb2c0636aed9c67cfbe47ca260ab1bc842fef1d532725c26910" score = 80 quality = 85 @@ -288965,8 +289413,8 @@ rule SIGNATURE_BASE_MAL_Python_Backdoor_Script_Nov23 : CVE_2023_4966 FILE date = "2023-11-23" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L56-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L56-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b336f6438a420af49b1b0144039f1051f12c0c54f77a94e2f947f71d1f6230b3" score = 80 quality = 85 
@@ -288990,8 +289438,8 @@ rule SIGNATURE_BASE_APT_RANSOM_Lockbit_Forensicartifacts_Nov23 date = "2023-11-22" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-325a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L73-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ransom_lockbit_citrixbleed_nov23.yar#L73-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6ba1d47e2cac72143c4612c420777024f114afc007c7b15251a58819654aeff1" score = 75 quality = 85 @@ -289013,8 +289461,8 @@ rule SIGNATURE_BASE_SUSP_Deviceguard_WDS_Evasion : FILE date = "2015-01-01" modified = "2023-01-06" reference = "http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_deviceguard_evasion.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_deviceguard_evasion.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4be9d7c34f7bafeb53db4fc1262a3692493b2253b0de7dc97480b01b62a9f12c" score = 70 quality = 85 
@@ -289037,8 +289485,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Csharpsetthreadcontext : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/djhohnstein/CSharpSetThreadContext" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L6-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L6-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1fab70ce4bb1a00d8e8155ce7d859aa2f8d193dd40378a8fff0fdfb1c94f9a76" score = 75 quality = 85 @@ -289061,8 +289509,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_DLL_Injection : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/ihack4falafel/DLL-Injection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L22-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L22-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a9ad0c7a68602214cf31d9b065b9b2c5f7eb616bcec0f3428e958c0f762282b2" score = 75 quality = 85 
@@ -289084,8 +289532,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Limeusb_Csharp : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/LimeUSB-Csharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L37-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L37-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cd5b12c43046e56ebef78104fd7a9389476686bd4adca4964fc8b559432ae236" score = 75 quality = 85 @@ -289107,8 +289555,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ladon : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/k8gege/Ladon" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L52-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L52-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1a2c6d3bb2964847aaff4828bbd7b75301e287bcff3f27324bc7767c0f73820f" score = 75 quality = 85 
@@ -289130,8 +289578,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Whitelistevasion : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/khr0x40sh/WhiteListEvasion" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L67-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L67-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "38838b45c3c7359e49f890f5f7608e5a6026421e83b0ef7371c8558c571395a6" score = 75 quality = 85 @@ -289153,8 +289601,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_Downloader : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Lime-Downloader" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L82-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L82-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8086f6be648bcb5535b98aafc5fd898dc975273eec3c19a54263f74bb7c0f629" score = 75 quality = 85 
@@ -289176,8 +289624,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Darkeye : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/K1ngSoul/DarkEye" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L97-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L97-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7571ed93fd3ea690549ab35682b0073e1c2b9ac57e36394d35794aba7c50b79e" score = 75 quality = 85 @@ -289199,8 +289647,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpkatz : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/b4rtik/SharpKatz" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L112-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L112-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8899192a8006bb31ce4277fc371a30b301ffc1a42030ca3a4059a2b53c889bae" score = 75 quality = 85 
@@ -289222,8 +289670,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Externalc2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/ryhanson/ExternalC2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L127-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L127-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "81042972411ab82da8460f9e263614f563bc67e3ce585f1a955b565b066ee8c9" score = 75 quality = 85 @@ -289246,8 +289694,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Povlsomware : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/povlteksttv/Povlsomware" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L143-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L143-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f8e246080ffcaa73ad727d2d9a1f2b75f2d413b49dff0c3b50831a41e1f14a2f" score = 75 quality = 85 
@@ -289269,8 +289717,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Runshellcode : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/zerosum0x0/RunShellcode" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L158-L171" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L158-L171" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5df20e170651f32e41a905992d0bb52542638e2d0a56841db900b70e324c9afe" score = 75 quality = 85 @@ -289292,8 +289740,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharploginprompt : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/shantanu561993/SharpLoginPrompt" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L173-L186" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L173-L186" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e8abbc67d568956bf98e733b1e98910d0501225d4a0dc0bec6be9b572fcc2b36" score = 75 quality = 85 
@@ -289315,8 +289763,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Adamantium_Thief : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/LimerBoy/Adamantium-Thief" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L188-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L188-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "37303dd37952d08ca2f85d03b4a9a8d52a3c55870e1350bca7ac84749942dfd8" score = 75 quality = 85 @@ -289338,8 +289786,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Psbypassclm : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/padovah4ck/PSByPassCLM" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L203-L216" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L203-L216" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a2646ff961b5fc94035fae0b7e5afedc054dfcfe710701dbf9ba17674c2bb6c8" score = 75 quality = 85 
@@ -289361,8 +289809,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Physmem2Profit : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/FSecureLABS/physmem2profit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L218-L231" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L218-L231" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "57e6159bc047c372bb7fa9ac0f77183fe06fe3f41b83039f8b0185f2743cc774" score = 75 quality = 85 @@ -289384,8 +289832,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Noamci : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/med0x2e/NoAmci" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L233-L246" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L233-L246" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7d934503bab7318930f958b1818037f00d3d5be7f5f89f3b519c5072bb4fee03" score = 75 quality = 85 
@@ -289407,8 +289855,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpblock : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/CCob/SharpBlock" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L248-L261" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L248-L261" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7bc689efc6f89ac685f1066da4e9735a0e2b985008679c51e14664cebdaebe4a" score = 75 quality = 85 @@ -289430,8 +289878,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nopowershell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/bitsadmin/nopowershell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L263-L276" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L263-L276" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5e4088d451cdc939608fb82f0259d3b60ce8247dfd2f76de839681c9e3d60414" score = 75 quality = 85 
@@ -289453,8 +289901,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Limelogger : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/LimeLogger" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L278-L291" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L278-L291" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "58588726f5f548b9aa948eac6d752404aa43fed18ccd4340422a652b9b061c9b" score = 75 quality = 85 @@ -289476,8 +289924,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aggressorscripts : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/harleyQu1nn/AggressorScripts" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L293-L306" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L293-L306" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b5d84b6dea0290b901f1d911f341a2b15ab42cf9197775d9bb2f613f4baeb69d" score = 75 quality = 85 
@@ -289499,8 +289947,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gopher : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/EncodeGroup/Gopher" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L308-L321" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L308-L321" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "430727d064ae07a4ca4411ee78fe74c684ce21d287283467c1afb9795545003e" score = 75 quality = 85 @@ -289522,8 +289970,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aviator : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Ch0pin/AVIator" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L323-L336" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L323-L336" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9101444f7d9306058a42b0325fefc0a088d1669932e4a6ba23b387829f01a097" score = 75 quality = 85 
@@ -289545,8 +289993,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Njcrypter : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/0xPh0enix/njCrypter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L338-L352" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L338-L352" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2e3c616b75e15ad082cf0871b7ef8e04f0c2a937000f4bea6927962451ac7f12" score = 75 quality = 85 @@ -289569,8 +290017,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpminidump : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/b4rtik/SharpMiniDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L354-L367" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L354-L367" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eea9a60c5d0acb1ffa7cbfec59f2a3f7f29b507fba2c3694480627c583d24c97" score = 75 quality = 85 
@@ -289592,8 +290040,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Cinarat : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/wearelegal/CinaRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L369-L383" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L369-L383" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d3e006450f3bd35d9d8b0d5c74470f555917d8b3583285ac3ac925ce2a83972b" score = 75 quality = 85 @@ -289616,8 +290064,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Toxiceye : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/LimerBoy/ToxicEye" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L385-L398" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L385-L398" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "58070408e4c08d20a3f37a2bf59f4b125ef4608e9ee3e7ed5fe1e26ad51b6c88" score = 75 quality = 85 
@@ -289639,8 +290087,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Disable_Windows_Defender : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Disable-Windows-Defender" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L400-L413" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L400-L413" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "65cc86433a3c4cb22ad54065b90010a0f3eb18ad8791c45343d103deea880195" score = 75 quality = 85 @@ -289662,8 +290110,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dinvoke_Poc : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/dtrizna/DInvoke_PoC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L415-L428" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L415-L428" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "51299abecf7244d150e7c148b5896cd64bcf5817a9a962013d6a986891bd321f" score = 75 quality = 85 
@@ -289685,8 +290133,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Reverseshell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/chango77747/ReverseShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L430-L444" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L430-L444" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cf8220444b6ffe810451e4754f8561e80acd99f8b5fbb013e8eef488b3c4243e" score = 75 quality = 85 @@ -289709,8 +290157,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpc2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SharpC2/SharpC2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L446-L464" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L446-L464" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5439cbe057d5735e3d35ac01966fc65ca0727e1c1c353564d38d1c20bb04484a" score = 75 quality = 85 
@@ -289737,8 +290185,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sneakyexec : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/HackingThings/SneakyExec" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L466-L479" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L466-L479" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cb2d505666c4395c9e43607468332c7559807d4da063eb69b31638f2520fee0e" score = 75 quality = 85 @@ -289760,8 +290208,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Urbanbishoplocal : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/slyd0g/UrbanBishopLocal" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L481-L494" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L481-L494" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cd0ded2fbfbf0fb8c53928e3f1bc4425bfa6112b92b609f421d517f931814faa" score = 75 quality = 85 
@@ -289783,8 +290231,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/cobbr/SharpShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L496-L510" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L496-L510" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9d49e6a85514fb47bd6875372cbbc8fc1d30e8572ce6e5caa594da07f58d4c06" score = 75 quality = 85 @@ -289807,8 +290255,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Evilwmiprovider : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/sunnyc7/EvilWMIProvider" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L512-L525" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L512-L525" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "431aa788d1cd192803ad7a5cc66ea48b7a83d47e009c42280e3e77c6ffb8662c" score = 75 quality = 85 
@@ -289830,8 +290278,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gadgettojscript : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/med0x2e/GadgetToJScript" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L527-L541" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L527-L541" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b072024bc927eaff8bb81bc660dd55a126f9b78e5db591042137b59647631544" score = 75 quality = 85 @@ -289854,8 +290302,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Azurecli_Extractor : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/0x09AL/AzureCLI-Extractor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L543-L556" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L543-L556" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6c55a291ba3475a7c7faa2a0152c04b01066a3b3569a5fb052c092b08a8e75ae" score = 75 quality = 85 
@@ -289877,8 +290325,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_UAC_Escaper : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/UAC-Escaper" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L558-L571" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L558-L571" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8b7315970124c7997ca7d7d21e6c26ac9c905cdbc1ee009f7800b6bc98f9c3d4" score = 75 quality = 85 @@ -289900,8 +290348,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Httpsbeaconshell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/limbenjamin/HTTPSBeaconShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L573-L586" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L573-L586" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4e51832b9a5f7b82da2f11bcb34664b0a8d0308b0e823436f4339233c07213b3" score = 75 quality = 85 
@@ -289923,8 +290371,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Amsiscanbufferbypass : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/AmsiScanBufferBypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L588-L601" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L588-L601" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "227b9878e11d1e14aa216cc9d46364cff727b1443f4c18f083971be8dd5e603c" score = 75 quality = 85 @@ -289946,8 +290394,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shellcodeloader : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Hzllaga/ShellcodeLoader" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L603-L616" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L603-L616" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3461e21a0a0661be9830023d56ecdd0434ab9f32328118ad87b2216061851127" score = 75 quality = 85 
@@ -289969,8 +290417,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Keystrokeapi : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/fabriciorissetto/KeystrokeAPI" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L618-L632" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L618-L632" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "36690992d1e5f3df52ad3a3fc218335ee78ce5e1bf7433fa769c8ee618f00b9e" score = 75 quality = 85 @@ -289993,8 +290441,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shellcoderunner : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/antman1p/ShellCodeRunner" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L634-L648" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L634-L648" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fecb1562fe42fa512ab3dd932019fa9ba2c09d574e909361c3af9e190cd5db17" score = 75 quality = 85 
@@ -290017,8 +290465,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Offensivecsharp : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/diljith369/OffensiveCSharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L650-L674" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L650-L674" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "64beb345845aeb7083a2c35d94fa433e95dd810b82c0cf392dd5e3de3bb5b110" score = 75 quality = 85 @@ -290051,8 +290499,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_SHAPESHIFTER : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/matterpreter/SHAPESHIFTER" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L676-L689" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L676-L689" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "87804b4f657dd838e969e41320d08455470611688f1624632df03868d204490d" score = 75 quality = 85 
@@ -290074,8 +290522,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Evasor : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/cyberark/Evasor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L691-L704" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L691-L704" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "883dcb8214c036d4a81ee09f97f206f19f24c6a6526437ba61145cb01cb2b1ba" score = 75 quality = 85 @@ -290097,8 +290545,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stracciatella : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/mgeeky/Stracciatella" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L706-L719" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L706-L719" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ca28e325cd98f2c9793c434dfd57404e17ed80e57023095d877993a01ee718ee" score = 75 quality = 85 
@@ -290120,8 +290568,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Logger : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/xxczaki/logger" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L721-L734" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L721-L734" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bf77dcb7fccad566e998df42e9a8248a117a8636500b80fe885d756cfa999f37" score = 75 quality = 85 @@ -290143,8 +290591,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Internal_Monologue : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/eladshamir/Internal-Monologue" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L736-L750" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L736-L750" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "983273ebcba36e8a22d5bda8bdbba0e1fb31fb128a76a7b39aa012bc83873aff" score = 75 quality = 85 
@@ -290167,8 +290615,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_GRAT2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/r3nhat/GRAT2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L752-L765" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L752-L765" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "535f24d46b317dc5c74779931deb92dd922a79cba4f48588763a3d717bbdec82" score = 75 quality = 85 @@ -290190,8 +290638,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Powershdll : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/p3nt4/PowerShdll" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L767-L780" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L767-L780" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c2b4a2e3008605c35296d2064d4ab3dbb62230db57d1756f0c11e47a303c007" score = 75 quality = 85 
@@ -290213,8 +290661,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Csharpamsibypass : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/WayneJLee/CsharpAmsiBypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L782-L795" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L782-L795" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "65daf297f51dd75ed3616504df96aea9b7a61aebd5a3b43c208f1709daedc193" score = 75 quality = 85 @@ -290236,8 +290684,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hastyseries : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/obscuritylabs/HastySeries" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L797-L819" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L797-L819" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4987c7afbf339a6a21634eb4647a0b09bfa149d330b7fb2aea2467a25e629c62" score = 75 quality = 85 
@@ -290268,8 +290716,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dreamprotectorfree : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Paskowsky/DreamProtectorFree" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L821-L834" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L821-L834" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bd8a6373695b9ab69fdf9e7f4a65c2db4e7a5f6f04f6d308ec352322a396aa44" score = 75 quality = 85 @@ -290291,8 +290739,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Redsharp : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/padovah4ck/RedSharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L836-L849" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L836-L849" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b751bedba84e8fc253686a7acd33e46a96140f2903f99ce1df6b4932d475bf30" score = 75 quality = 85 
@@ -290314,8 +290762,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_ESC : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NetSPI/ESC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L851-L865" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L851-L865" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0a8244145b25260912c8b1d2968fe33fb8497762a6d8f2bbb88a734346990d55" score = 75 quality = 85 @@ -290338,8 +290786,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Csharp_Loader : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Csharp-Loader" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L867-L880" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L867-L880" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aa1a176ce3dbf6ae43d921822d2ab1689a4bf74077fa2a9aa72534ab3cfa3ecc" score = 75 quality = 85 
@@ -290361,8 +290809,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Bantam : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/gellin/bantam" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L882-L895" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L882-L895" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2dce37cd31fa359658519bd50fbb335fc6fd82af5e78a4d86d173d3628e0951f" score = 75 quality = 85 @@ -290384,8 +290832,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharptask : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/jnqpblc/SharpTask" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L897-L910" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L897-L910" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c3f4ddf4ea9389e01611880a47f2a199938e9a5e0f05df4e7f772f7a9acedc61" score = 75 quality = 85 
@@ -290407,8 +290855,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Windowsplague : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/RITRedteam/WindowsPlague" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L912-L925" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L912-L925" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "01ad0621f2bb129fd963093b65cd054bc2a2e185f21041c779b02b1e63475a1c" score = 75 quality = 85 @@ -290430,8 +290878,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Misc_Csharp : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/jnqpblc/Misc-CSharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L927-L941" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L927-L941" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "32893d4396842c3df3756d7090a1e86bf73c5ad2476aab5d6c53db8bdae9c31a" score = 75 quality = 85 
@@ -290454,8 +290902,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpspray : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/jnqpblc/SharpSpray" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L943-L956" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L943-L956" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "15ad567589656894f0da6ee56c26f48868936db015d0b41c04ccd6fd56f5753e" score = 75 quality = 85 @@ -290477,8 +290925,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Obfuscator : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/3xpl01tc0d3r/Obfuscator" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L958-L971" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L958-L971" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "523ce9e83bd6cd7152d86fe77a441a3f721d79f8df45c4041e47cae4b15673d5" score = 75 quality = 85 
@@ -290500,8 +290948,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Safetykatz : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/GhostPack/SafetyKatz" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L973-L986" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L973-L986" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "08b1e8ee951140dc6ac07f2646e0bf84bb22bea9948d231e1ba8d4cf0a28a2e8" score = 75 quality = 85 @@ -290523,8 +290971,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dropless_Malware : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Dropless-Malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L988-L1001" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L988-L1001" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "833b7758aea58d3065c2c3153f0ab21b7b6a54f7e7083655f2a52c2861080f7d" score = 75 quality = 85 
@@ -290546,8 +290994,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_UAC_Silentclean : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/EncodeGroup/UAC-SilentClean" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1003-L1016" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1003-L1016" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "32d331148578923e7f5017ce874f9daa234a759ea5a87cbddc1e111834acf920" score = 75 quality = 85 @@ -290569,8 +291017,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Desktopgrabber : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/DesktopGrabber" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1018-L1031" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1018-L1031" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1937fa6b9e5af3c12a2eef6356aed2c93e6534db492ebc7a8955c4cac240a840" score = 75 quality = 85 
@@ -290592,8 +291040,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Wsmanager : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/guillaC/wsManager" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1033-L1046" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1033-L1046" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cbcdcf8c4895263b881f45f54df01b6a6a3d76cf1be195475217ccffa9eedfed" score = 75 quality = 85 @@ -290615,8 +291063,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Uglyexe : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/fashionproof/UglyEXe" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1048-L1061" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1048-L1061" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "caf7c8ae7060822e0014710e521020e5d502eedb505165374b7600b11dea7bad" score = 75 quality = 85 
@@ -290638,8 +291086,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdump : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/GhostPack/SharpDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1063-L1076" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1063-L1076" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "95217122df1b56132e7774c10c0e993d914cdf8e2463f949cfbab59cb0d99ca4" score = 75 quality = 85 @@ -290661,8 +291109,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Educationalrat : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/securesean/EducationalRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1078-L1091" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1078-L1091" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c46fee5ff948537fb1defe636f3987b3de52b2e37a1130b4b425c6645d74b11b" score = 75 quality = 85 
@@ -290684,8 +291132,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stealth_Kid_RAT : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/ctsecurity/Stealth-Kid-RAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1093-L1107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1093-L1107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9a885a48053d501273fc8043e990166558458239781feb9e09f972c52d57e8da" score = 75 quality = 85 @@ -290708,8 +291156,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcradle : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/anthemtotheego/SharpCradle" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1109-L1122" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1109-L1122" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4213877aaf5606c9e5f3f38a1f057f8068e0fa062a5f1eb4389d83c6032df6c3" score = 75 quality = 85 
@@ -290731,8 +291179,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Bypassuac : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/cnsimo/BypassUAC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1124-L1138" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1124-L1138" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "05dbd4d443664735a10bd48dbbda4edf7ba3756c9dd3f53cb25e066e8f5f1b61" score = 75 quality = 85 @@ -290755,8 +291203,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hanzoinjection : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/P0cL4bs/hanzoInjection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1140-L1153" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1140-L1153" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "692e5288fffb8eb65b6f84017c31bb3d5d7320c141cd5a60eef6d9482385bb88" score = 75 quality = 85 
@@ -290778,8 +291226,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Clr_Meterpreter : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/OJ/clr-meterpreter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1155-L1173" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1155-L1173" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5d48897457c5f3ea7a9c24a24ab63207c3841bc3ac444d1c42987cb291f05941" score = 75 quality = 85 @@ -290806,8 +291254,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_BYTAGE : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/KNIF/BYTAGE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1175-L1188" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1175-L1188" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2d295501a64515a68bbd9a3c7f0f5ca0bbf59df5f6c91dd66d2ce6e744ce3fc1" score = 75 quality = 85 
@@ -290829,8 +291277,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Multios_Reverseshell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/belane/MultiOS_ReverseShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1190-L1203" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1190-L1203" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a0b7f881aee1097dcbbd39a832073aada103b23ebc5b167052e9483083fec02d" score = 75 quality = 85 @@ -290852,8 +291300,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hidefromamsi : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/0r13lc0ch4v1/HideFromAMSI" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1205-L1218" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1205-L1218" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "05fccd4c7346c1ac1830984f945f5d37ca3e44a479287d681dfdb06d200764f1" score = 75 quality = 85 
@@ -290875,8 +291323,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnetavbypass_Master : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/lockfale/DotNetAVBypass-Master" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1220-L1233" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1220-L1233" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3382613db4970475922fb7db70b6ce4f9c247f083a2164b86ba9e81a770e0e36" score = 75 quality = 85 @@ -290898,8 +291346,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdpapi : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/GhostPack/SharpDPAPI" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1235-L1249" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1235-L1249" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "70f40bc48eeba3f835a280e7e2ce06b2a16179be9914d5c2548c820b02f4c837" score = 75 quality = 85 
@@ -290922,8 +291370,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Telegra_Csharp_C2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/sf197/Telegra_Csharp_C2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1251-L1264" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1251-L1264" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ebdec8d1781ffc106f93f3686eb96e6b79810fbb0c7b1eb7cbbb161397298adc" score = 75 quality = 85 @@ -290945,8 +291393,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcompile : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SpiderLabs/SharpCompile" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1266-L1279" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1266-L1279" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a8b46bf3017f336dc669b6c81a339953cc8931df49283b67172f45d1715ef422" score = 75 quality = 85 
@@ -290968,8 +291416,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Carbuncle : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/checkymander/Carbuncle" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1281-L1294" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1281-L1294" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f792c3ed1f62915635dc9090cc608475701d1a4ec60810946336a5d72280af48" score = 75 quality = 85 @@ -290991,8 +291439,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ossfiletool : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/B1eed/OSSFileTool" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1296-L1309" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1296-L1309" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0dda05d0a53babdf83a2edf9ac0ed21954c059baa73963c79fb840c737865df1" score = 75 quality = 85 
@@ -291014,8 +291462,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rubeus : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/GhostPack/Rubeus" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1311-L1324" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1311-L1324" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3d2df79b86b2c1eb4721ee9b6fce920db3e48f9cf96fa693876a6d7d8dad54e6" score = 75 quality = 85 @@ -291037,8 +291485,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Simple_Loader : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/cribdragg3r/Simple-Loader" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1326-L1339" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1326-L1339" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0dff8268f2c0c0764736727c78c648567b42cd3e177a7b73aa47a5afdf2f6d4a" score = 75 quality = 85 
@@ -291060,8 +291508,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Minidump : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/3xpl01tc0d3r/Minidump" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1341-L1354" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1341-L1354" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "798c1c569b224442c2f7b98254062e8cd3b008cb6d7aefef3063d9d57dbfbaee" score = 75 quality = 85 @@ -291083,8 +291531,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpbypassuac : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/FatRodzianko/SharpBypassUAC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1356-L1369" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1356-L1369" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa9aae20fc35bba3b88e32f03e832579ee48d03303e789a13949a859a6da1a3d" score = 75 quality = 85 
@@ -291106,8 +291554,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharppack : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Lexus89/SharpPack" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1371-L1391" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1371-L1391" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "43701a68c6bbb5fc1217f9b47096dcc87d2b1ffa9399ba50df9f7e99cec2c0d8" score = 75 quality = 85 @@ -291136,8 +291584,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Salsa_Tools : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Hackplayers/Salsa-tools" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1393-L1407" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1393-L1407" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "086108496c5ff6df15a26453da7f0922c29132fd4136cca9a02c21afc9c55ad5" score = 75 quality = 85 
@@ -291160,8 +291608,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Windowsdefender_Payload_Downloader : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/notkohlrexo/WindowsDefender-Payload-Downloader" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1409-L1422" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1409-L1422" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "587784216f3cf47e291219e08dc2b38bd43b11519d612eaccc631539ecc27c60" score = 75 quality = 85 @@ -291183,8 +291631,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Privilege_Escalation : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Mrakovic-ORG/Privilege_Escalation" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1424-L1437" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1424-L1437" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "18f5d4f917e1e3f0902ab50d6ae2c249782c65d0fc1ed4bc4d06ffae4d286598" score = 75 quality = 85 
@@ -291206,8 +291654,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Marauder : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/maraudershell/Marauder" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1439-L1452" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1439-L1452" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b1a14c6dd80beedd1f385f3b85cec44a443020a76d4da03ea3a53e1c7c0a7b82" score = 75 quality = 85 @@ -291229,8 +291677,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_AV_Evasion_Tool : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/1y0n/AV_Evasion_Tool" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1454-L1468" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1454-L1468" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9962ed855d43e12ecfcb38337e20db714315d0ec9d83f74d115765a973939b5c" score = 75 quality = 85 
@@ -291253,8 +291701,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Fenrir : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/nccgroup/Fenrir" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1470-L1483" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1470-L1483" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9b62914aea33db4027c62ecf57854d20942197d1b9212245d1932c0a6b80fe5f" score = 75 quality = 85 @@ -291276,8 +291724,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stormkitty : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/LimerBoy/StormKitty" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1485-L1499" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1485-L1499" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e346a56a555fe8fae6d5f3704a39b97e82de79160da93cba7646eb7d6a98d5a8" score = 75 quality = 85 
@@ -291300,8 +291748,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Crypter_Runtime_AV_S_Bypass : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/netreverse/Crypter-Runtime-AV-s-bypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1501-L1514" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1501-L1514" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4427fdd90b88576b05bc47c0a24a6daa92e066868e3c738007bfcf9c29058b2e" score = 75 quality = 85 @@ -291323,8 +291771,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Runasuser : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/atthacks/RunAsUser" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1516-L1529" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1516-L1529" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8ac64be85ae1a55c3390dace5e43580453568758a712bdca0a5e81817d0a7fb0" score = 75 quality = 85 
@@ -291346,8 +291794,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hwidbypass : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/yunseok/HWIDbypass" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1531-L1544" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1531-L1544" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1b19d3560fdf5bfbfd3c4fb434474cdde5efa42de611fb97e76312664b8cedb7" score = 75 quality = 85 @@ -291369,8 +291817,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Xoredreflectivedll : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/r3nhat/XORedReflectiveDLL" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1546-L1560" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1546-L1560" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "92df3b5c8d1b531dd4b4d04ba53aa6ae5ebf9d1f6869a0d46cd972b082fa1b9f" score = 75 quality = 85 
@@ -291393,8 +291841,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharp_Suite : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/FuzzySecurity/Sharp-Suite" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1562-L1596" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1562-L1596" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cffb4eae9fe3f2034fb03defcd0e0f3f1abaaa2638b137bdfdf67d071e055d42" score = 75 quality = 83 @@ -291436,8 +291884,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rat_Shell : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/stphivos/rat-shell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1598-L1612" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1598-L1612" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3d88c891393c914b4b1520bbdb575e78740f21bd361fe4187fdd08aeed708540" score = 75 quality = 85 
@@ -291460,8 +291908,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnet_Gargoyle : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/countercept/dotnet-gargoyle" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1614-L1629" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1614-L1629" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c7ad2c6c775ed6355dd93b06e31e04916277564301b45fe13b69d3e25dcd7bad" score = 75 quality = 85 @@ -291485,8 +291933,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aresskit : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/BlackVikingPro/aresskit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1631-L1644" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1631-L1644" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3f7c2cb5dee0d77f70ea1fe231e498d1a16c11f92a8b930c9a603fa64a54cec0" score = 75 quality = 85 
@@ -291508,8 +291956,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_DLL_Injector : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/tmthrgd/DLL-Injector" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1646-L1660" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1646-L1660" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fe92cb643d8ddbc0d8d09a88e90655965001375d05c799d6c2437e6c94b26c7a" score = 75 quality = 85 @@ -291532,8 +291980,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Trufflesnout : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/dsnezhkov/TruffleSnout" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1662-L1675" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1662-L1675" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "03b340ccf4b314ec5d3c33e83e5a47b55e935a8e55acbd6bd9daba43443d53a1" score = 75 quality = 85 
@@ -291555,8 +292003,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Anti_Analysis : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Anti-Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1677-L1690" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1677-L1690" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1a4141b376afbf36a7a9aa340ea5514b85dd6b0fab003554bae06c0240c98a79" score = 75 quality = 85 @@ -291578,8 +292026,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Backnet : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/valsov/BackNet" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1692-L1708" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1692-L1708" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "82ab970de2e27e711c502903cc2ede47da296df3ea346c870698c920a4ece282" score = 75 quality = 85 
@@ -291604,8 +292052,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Allthethings : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/johnjohnsp1/AllTheThings" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1710-L1723" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1710-L1723" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a4a562e4db2477be34fa4ccf2c83afafc7aafead3a9eae434b4bc0a5ea6430f7" score = 75 quality = 85 @@ -291627,8 +292075,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Addreferencedotredteam : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/ceramicskate0/AddReferenceDotRedTeam" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1725-L1738" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1725-L1738" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ec7e0c39db13d212ff9aac4ec8d7d9b4274f3a404997f9291dcbfeaf311f31b4" score = 75 quality = 85 
@@ -291650,8 +292098,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_Crypter : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Lime-Crypter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1740-L1753" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1740-L1753" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ab4243f5e4efcadc9d1a9a34bdb4d5aedcf500accf4cb3681a73015c7f3f6900" score = 75 quality = 85 @@ -291674,8 +292122,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Browserghost : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/QAX-A-Team/BrowserGhost" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1755-L1770" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1755-L1770" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "448177aae4b0b2f17faefb22599649b7264c85e3af96b1d78bab6ada891b7a82" score = 75 quality = 85 
@@ -291697,8 +292145,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshot : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/tothi/SharpShot" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1772-L1785" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1772-L1785" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "65bbe20eb2aac648648b828c176e418648ebdc6372d287e4bc3b0d3edf233e86" score = 75 quality = 85 @@ -291720,8 +292168,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Offensive__NET : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/mrjamiebowman/Offensive-.NET" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1787-L1800" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1787-L1800" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dddbee2e6d1cd4046f91192fe26841cc6c359dd9188d472c8b2acca691c15a34" score = 75 quality = 85 
@@ -291743,8 +292191,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ruralbishop : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/RuralBishop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1802-L1815" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1802-L1815" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8dfa8652507851305da814b1410a7854be2c1c78cac325881118829be3456776" score = 75 quality = 85 @@ -291766,8 +292214,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Deviceguardbypasses : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/tyranid/DeviceGuardBypasses" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1817-L1835" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1817-L1835" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aff1a0236c532d5822a440f1d9a0a0265b422ebe0b53d799d53e838aef5f64ad" score = 75 quality = 85 
@@ -291794,8 +292242,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_AMSI_Handler : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/two06/AMSI_Handler" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1837-L1853" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1837-L1853" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3b27157331b3b9f6897134172f7dd9198fad7747c12d1020cb3e2d924c2910ce" score = 75 quality = 85 @@ -291820,8 +292268,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_RAT_Telegramspybot : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SebastianEPH/RAT.TelegramSpyBot" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1855-L1868" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1855-L1868" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9fc671ef600548d962a2d5ab12ba3111ed19e83ef96d2d536eb343bb8fb4b0d2" score = 75 quality = 85 
@@ -291843,8 +292291,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Thehacktoolboxteek : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/teeknofil/TheHackToolBoxTeek" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1870-L1889" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1870-L1889" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f18d6be2789371f3db649d0df3fc31a2e97604b399873c9843c1e08c981be0da" score = 75 quality = 85 @@ -291872,8 +292320,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Usbtrojan : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/mashed-potatoes/USBTrojan" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1891-L1904" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1891-L1904" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2280803c42311b8b78a51f0917d9fb4cdd8ca427ce2361372914e5922a1a0b68" score = 75 quality = 85 
@@ -291895,8 +292343,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_IIS_Backdoor : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/WBGlIl/IIS_backdoor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1906-L1920" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1906-L1920" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "61fcba7e59ac005db140d8eee1d8a1fd4ce8cd18c069053270e0195ee9d63ccc" score = 75 quality = 85 @@ -291919,8 +292367,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shellgen : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/jasondrawdy/ShellGen" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1922-L1935" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1922-L1935" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "80c7291653e6cb5d7ef4d69390f7508cd95149d92b59aa3b5c8e6e0fe3723bfe" score = 75 quality = 85 
@@ -291942,8 +292390,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Mass_RAT : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Mass-RAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1937-L1952" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1937-L1952" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "53ef9b1d44e6497bafe0982f2e6be65240fcf5684a7b5a6c32a704ab3b7e085c" score = 75 quality = 85 @@ -291967,8 +292415,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Browser_Externalc2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/Browser-ExternalC2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1954-L1967" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1954-L1967" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1a0027775fb2a06d01cfe30c85ce03e11cf43976abe9bf7b2c61895a55d26404" score = 75 quality = 85 
@@ -291990,8 +292438,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Offensivepowershelltasking : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/leechristensen/OffensivePowerShellTasking" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1969-L1983" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1969-L1983" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "21d7192eaefeeed030b1ef1be29b54c12826914dc6f0945789f3690a39bee217" score = 75 quality = 85 @@ -292014,8 +292462,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dohc2 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SpiderLabs/DoHC2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L1985-L1998" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L1985-L1998" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1601c438c4359d3daa1b5b3cc36a82e049a5ed379ec7a52cdd4a9bca83518dd3" score = 75 quality = 85 
@@ -292037,8 +292485,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Syscallpoc : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SolomonSklash/SyscallPOC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2000-L2014" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2000-L2014" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a12628052d5c1043b3aae0bedb62908a35cb27871e329f84b0fc22e29149f89e" score = 75 quality = 85 @@ -292061,8 +292509,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Pen_Test_Tools : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/awillard1/Pen-Test-Tools" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2016-L2040" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2016-L2040" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dc124d65fd724a2e73c708925f44fd87dcd067c121f2875a15ed790c84405899" score = 50 quality = 85 
@@ -292095,8 +292543,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_The_Collection : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Tlgyt/The-Collection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2042-L2059" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2042-L2059" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d8e28d972aaf44caff35bf982788a6e9b69d0acce4b11c8cfa00c65466412305" score = 75 quality = 85 @@ -292122,8 +292570,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Change_Lockscreen : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/nccgroup/Change-Lockscreen" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2061-L2074" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2061-L2074" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6b3cd265c6ccdae529a52c3609610f0e633f0112180afd63a5d9892e78d12ef1" score = 75 quality = 85 
@@ -292145,8 +292593,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_LOLBITS : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/Kudaes/LOLBITS" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2076-L2089" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2076-L2089" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa5978a49940cef63308ae228607eff22d19ea05373b2c4a3a293074af422b20" score = 75 quality = 85 @@ -292168,8 +292616,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Keylogger : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/BlackVikingPro/Keylogger" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2091-L2104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2091-L2104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "490fb06375b32c70041754e8855cc1d26b76531d24a58bb0b719a998fdb809d6" score = 75 quality = 85 
@@ -292191,8 +292639,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2020_1337 : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/neofito/CVE-2020-1337" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2106-L2119" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2106-L2119" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "05d557a3592845030880c3b87d8134565c2858db89218e1c38edbb025b945d72" score = 75 quality = 85 @@ -292214,8 +292662,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharplogger : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/djhohnstein/SharpLogger" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2121-L2134" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2121-L2134" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9f63dc6bf41b6a062e80b6726c86bbeb7db68e319a78d1bd0187eef234a1c090" score = 75 quality = 85 
@@ -292237,8 +292685,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Asyncrat_C_Sharp : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/AsyncRAT-C-Sharp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2136-L2159" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2136-L2159" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ac6319ecfbfc2ddb096b8674a9b494d9460181ebaa2b32ee337d46f6dd33f21d" score = 75 quality = 85 @@ -292270,8 +292718,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Darkfender : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/0xyg3n/DarkFender" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2161-L2174" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2161-L2174" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2afa4ff5719cb5b3a53b45a880e08e2cac6df8bb1ff053ee290ad6b025f9a6b5" score = 75 quality = 85 
@@ -292293,8 +292741,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Minerdropper : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/DylanAlloy/MinerDropper" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2194-L2208" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2194-L2208" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1a604745a0d95c54be0d1b183486aad0751aee825574500fbff6380571565a18" score = 75 quality = 85 @@ -292317,8 +292765,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdomainspray : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/HunnicCyber/SharpDomainSpray" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2210-L2223" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2210-L2223" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "da8a964691758e8179199b5725b0811a5b37de964f6a5fa01d6adac286bc544a" score = 75 quality = 85 
@@ -292340,8 +292788,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ispykeylogger : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/mwsrc/iSpyKeylogger" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2225-L2241" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2225-L2241" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c0b0a8d53efc5e922f73eec7550e6927f19aaef950921fde95b7bd651adeec7" score = 75 quality = 85 @@ -292366,8 +292814,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Solarflare : FILE date = "2020-12-15" modified = "2025-08-15" reference = "https://github.com/mubix/solarflare" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2243-L2256" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2243-L2256" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9968c4f65672e98ec1ced26e2344e9b12141e3ea7e58be650d077089c9f6bd1c" score = 75 quality = 85 
@@ -292389,8 +292837,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Snaffler : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/SnaffCon/Snaffler" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2258-L2272" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2258-L2272" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a99f8012e45bbc7b689c49d2f6b5e86918b3984ce211fc4b459b6297d75c233a" score = 75 quality = 85 @@ -292413,8 +292861,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshares : FILE date = "2020-12-13" modified = "2025-08-15" reference = "https://github.com/djhohnstein/SharpShares/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2274-L2287" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2274-L2287" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "09151f0ee360aaa74ebd0fe809ee45135705475a8559f78762ea80e261d173f3" score = 75 quality = 85 
@@ -292436,8 +292884,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpedrchecker : FILE date = "2020-12-18" modified = "2025-08-15" reference = "https://github.com/PwnDexter/SharpEDRChecker" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2289-L2302" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2289-L2302" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9a5a192bb5aedf801465760fd362e0917c7a68c97058c82d0954ce44d3632c43" score = 75 quality = 85 @@ -292459,8 +292907,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcliphistory : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/FSecureLABS/SharpClipHistory" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2304-L2317" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2304-L2317" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "18558f9c446847d2021c3f2a99315c490fc26b1c585dd8a7a0ba4470be8d1e45" score = 75 quality = 85 
@@ -292482,8 +292930,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpgpo_Remoteaccesspolicies : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/FSecureLABS/SharpGPO-RemoteAccessPolicies" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2319-L2332" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2319-L2332" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e2e3168f733ce8a3e6129e4f2faa6a90a47f6cfc683c840032c0323170720a1b" score = 75 quality = 85 @@ -292505,8 +292953,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Absinthe : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/cameronhotchkies/Absinthe" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2334-L2347" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2334-L2347" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "54040db5bdcfc711a26401d082693471c3f98fc043a550d1253f72a2d2611ae4" score = 75 quality = 85 
@@ -292528,8 +292976,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Exploitremotingservice : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/tyranid/ExploitRemotingService" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2349-L2364" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2349-L2364" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b22513722be15f582d06c23fb6db53722c0edf2f89f17e28ca067f431ffd4616" score = 75 quality = 85 @@ -292553,8 +293001,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Xploit : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/shargon/Xploit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2366-L2389" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2366-L2389" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0b622acce9ff8186266c69d4ca097902027f5ca652408bfa4ec36fa145e14737" score = 75 quality = 85 
@@ -292586,8 +293034,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Poc : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/thezdi/PoC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2391-L2404" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2391-L2404" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f3001a60ce4b6415de2cb035ab56023cd2ee5f4c73e745d87409e5fef1fc9e8a" score = 75 quality = 85 @@ -292609,8 +293057,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpgpoabuse : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/FSecureLABS/SharpGPOAbuse" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2406-L2419" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2406-L2419" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "683be1b4cee3ba705146f62cdc36c99ce5e4711cd38aec8103584321afd934f1" score = 75 quality = 85 
@@ -292632,8 +293080,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Watson : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/Watson" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2421-L2434" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2421-L2434" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0fa1d96e9c9fdd612f092dbdcde980956cf4bf24b384991d77737af43637bb34" score = 75 quality = 85 @@ -292655,8 +293103,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Standin : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/FuzzySecurity/StandIn" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2436-L2449" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2436-L2449" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "db008e841cef47916e06167661b3825d1272357a347f522ccea25cc887438480" score = 75 quality = 85 
@@ -292678,8 +293126,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Azure_Password_Harvesting : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/guardicore/azure_password_harvesting" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2451-L2464" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2451-L2464" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eac946e4110f9e7fdcc69ca562ed37a5e77216a325ccd11e29ec7348c2dd12d4" score = 75 quality = 85 @@ -292701,8 +293149,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Powerops : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/fdiskyou/PowerOPS" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2466-L2479" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2466-L2479" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7afb5a5c5eaaba574f31d2041ec2e23f969508bac76aeb58a98714b06b8e6ae7" score = 75 quality = 85 
@@ -292724,8 +293172,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Random_Csharptools : FILE date = "2020-12-21" modified = "2025-08-15" reference = "https://github.com/xorrior/Random-CSharpTools" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2481-L2500" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2481-L2500" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "633cfdc2f1950f36474e15cb186fc4673e7cbc9417fdbee61409b14be94bc6cb" score = 75 quality = 85 @@ -292753,8 +293201,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2020_0668 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/RedCursorSecurityConsulting/CVE-2020-0668" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2502-L2515" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2502-L2515" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ac81e20fa9e5a4f701172d3e68c016b33e5cbda6053505d46f761337fb374161" score = 75 quality = 85 
@@ -292776,8 +293224,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Windowsrpcclients : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/tyranid/WindowsRpcClients" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2517-L2536" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2517-L2536" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2e99c98514bde102450b119cda3cc3c20d7680de5ccbbf64124b719fb8333e8d" score = 75 quality = 85 @@ -292805,8 +293253,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpfruit : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/SharpFruit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2538-L2551" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2538-L2551" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "da59a7c8fb038171a560d337a49f33a28a2ea88e4c7b08df12eaeb85906c0753" score = 75 quality = 85 
@@ -292828,8 +293276,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwitness : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/SharpWitness" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2553-L2566" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2553-L2566" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9a9bc18362347f55b77ec275ad377da9e72ac8a65cab06a867ae55b61b69e7cd" score = 75 quality = 85 @@ -292851,8 +293299,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rexcrypter : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/syrex1013/RexCrypter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2568-L2581" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2568-L2581" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fc8bd8eaa3561431bc8886de74b1d569d5fa1f2de7f866146669b4e918a3bf30" score = 75 quality = 85 
@@ -292874,8 +293322,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpersist : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/fireeye/SharPersist" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2583-L2596" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2583-L2596" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "265f42a83973cacb82d4ff12db210ad6cb10265acc38724ed895dc772cf7855e" score = 75 quality = 85 @@ -292897,8 +293345,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2019_1253 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/padovah4ck/CVE-2019-1253" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2598-L2611" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2598-L2611" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f365dcec83696032370192d95312999d3baa950379472b99af17687a501dfa9c" score = 75 quality = 85 
@@ -292920,8 +293368,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Scout : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/jaredhaight/scout" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2613-L2626" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2613-L2626" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b677eb07dde231e1d6d542aaafcc0350ce51a66c5396949dd0f1d41311a822b5" score = 75 quality = 85 @@ -292943,8 +293391,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Grouper2 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/l0ss/Grouper2/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2628-L2641" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2628-L2641" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b89180f81c4231ea03bb49631b0931b2b7e4ff9e97f44798dd50f6fa4d12b75f" score = 75 quality = 85 
@@ -292966,8 +293414,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Casperstager : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/ustayready/CasperStager" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2643-L2657" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2643-L2657" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "556dd774b6ba38371951ca416133573b0539d699671200e3accfe5bc6fbc979d" score = 75 quality = 85 @@ -292990,8 +293438,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tellmeyoursecrets : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xbadjuju/TellMeYourSecrets" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2659-L2672" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2659-L2672" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b606c11986ff26d279db58c088633f39eddb41c96c2510f7738cfcef5ff4941f" score = 75 quality = 85 
@@ -293013,8 +293461,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpexcel4_DCOM : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/SharpExcel4-DCOM" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2674-L2687" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2674-L2687" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "278eeabdfa26eec5f9e6d2fba093b4698a9813813f644b65e4e28791b600a5dc" score = 75 quality = 85 @@ -293036,8 +293484,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpshooter : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/SharpShooter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2689-L2702" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2689-L2702" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "79a63f9a24b94327b5b720c415143977c7fba088930dd94f6f2f2784770d182d" score = 75 quality = 85 
@@ -293059,8 +293507,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nomsbuild : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/NoMSBuild" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2704-L2718" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2704-L2718" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "df8bfecf2f983975a4885cbabc79d2b42c1281bdd918aa0fc9fa50ef75bbfe5d" score = 75 quality = 85 @@ -293083,8 +293531,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Teleshadow2 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/ParsingTeam/TeleShadow2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2720-L2734" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2720-L2734" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "df4f26856b5ee348393ddb41e53bdfc8e2bed58ed9fc7b4f758cd1746431d85c" score = 75 quality = 85 
@@ -293107,8 +293555,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Badpotato : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/BeichenDream/BadPotato" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2736-L2749" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2736-L2749" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b78b623666279dab22c263a5a925fc665646ddcc24d1638ebe54bad2ccd5ed4c" score = 75 quality = 85 @@ -293130,8 +293578,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lethalhta : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/codewhitesec/LethalHTA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2751-L2765" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2751-L2765" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ebcf9df0cdbab82ee2eea25479058366651746990b32e5af7cbf4da7dae8fafe" score = 75 quality = 85 
@@ -293154,8 +293602,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpstat : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/Raikia/SharpStat" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2767-L2780" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2767-L2780" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b163520c47d593244a66ee64071147824486bde4174a5276972a3329b0271a73" score = 75 quality = 85 @@ -293177,8 +293625,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sneakyservice : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/malcomvetter/SneakyService" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2782-L2795" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2782-L2795" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3f9e4a9666875e8b70ced55924f7dae661e9be6e033bafe4efc1614fb65a7f08" score = 75 quality = 85 
@@ -293200,8 +293648,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpexec : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/anthemtotheego/SharpExec" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2797-L2810" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2797-L2810" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "099c18601efc20cb50e7e463755ebda5898cce5d4a0253216a72018337da07f4" score = 75 quality = 85 @@ -293223,8 +293671,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcom : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/SharpCOM" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2812-L2825" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2812-L2825" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f409d4390fbf8eea8b288e02fbe75d4ecf338a239d8015511f4a9979a1e8a7df" score = 75 quality = 85 
@@ -293246,8 +293694,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Inception : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/two06/Inception" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2827-L2840" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2827-L2840" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "846dfe525380eae42905a3adfbfc56f6c0e6de8abfa4f92e5f02889448dbcc29" score = 75 quality = 85 @@ -293270,8 +293718,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwmi_1 : FILE modified = "2025-08-15" old_rule_name = "HKTL_NET_GUID_sharpwmi" reference = "https://github.com/QAX-A-Team/sharpwmi" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2842-L2856" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2842-L2856" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "295315b876579ee0d2eb60a44e4be643c143ec1331b155faf0ba61ab016df07f" score = 75 quality = 85 
@@ -293293,8 +293741,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2019_1064 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/RythmStick/CVE-2019-1064" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2858-L2871" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2858-L2871" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5f72f2569d7e3c1ee6fcd742e22d56331bcbf130b9f2bbc63fbc1504c6597e57" score = 75 quality = 85 @@ -293316,8 +293764,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tokenvator : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xbadjuju/Tokenvator" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2873-L2886" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2873-L2886" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "45e75eee8ece293a35ac385311994cf8b23fd4f38d84bf53bd724e03ec092e4e" score = 75 quality = 85 
@@ -293339,8 +293787,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Wheresmyimplant : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xbadjuju/WheresMyImplant" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2888-L2901" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2888-L2901" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e25816823669753dc475c059320634203e9f9450c320baac3af0d6c996a17264" score = 75 quality = 85 @@ -293362,8 +293810,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Naga : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/byt3bl33d3r/Naga" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2903-L2917" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2903-L2917" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c579546957c1b05d5fff7ad914d4b6de22ccf216bda92972abd66b0dae89895b" score = 75 quality = 85 
@@ -293386,8 +293834,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpbox : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/P1CKLES/SharpBox" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2919-L2932" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2919-L2932" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1a52663ffad8b36d8e6be74c341fb26205b9605df35530b19ab2f4a4c454eb16" score = 75 quality = 85 @@ -293409,8 +293857,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Rundotnetdll32 : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xbadjuju/rundotnetdll32" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2934-L2947" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2934-L2947" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d0a0fa8604eaca14e2fc8545c5b008d26ef1a09f3d792b62549d76fb2d5155d1" score = 75 quality = 85 
@@ -293432,8 +293880,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Antidebug : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/malcomvetter/AntiDebug" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2949-L2962" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2949-L2962" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b665c72e191cc42307f6eecbf0a9ea9238da886e8d5d73b2d569cda2dabe2b1a" score = 75 quality = 85 @@ -293455,8 +293903,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dinvisibleregistry : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/NVISO-BE/DInvisibleRegistry" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2964-L2977" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2964-L2977" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7703b24ca72770547d76ebfb8b94b5d13d9d7fa1c65cc8e2ffbf8eca30c1f8d0" score = 75 quality = 85 
@@ -293478,8 +293926,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tikitorch : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/TikiTorch" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L2979-L2998" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L2979-L2998" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "394b4e7ecb7333e7d0944690276de6d942dfa949ba04d28d5576da639a5489bc" score = 75 quality = 85 @@ -293507,8 +293955,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Hivejack : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/Viralmaniar/HiveJack" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3000-L3013" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3000-L3013" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "46eb7b01deb14eb7a9e1b59f04844b442a47a5c3545fa9925448349ef50e317e" score = 75 quality = 85 
@@ -293530,8 +293978,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Decryptautologon : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/securesean/DecryptAutoLogon" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3015-L3028" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3015-L3028" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "122f265f812e81aef554c1907c8397ac4ad03ff85f53254806abe36049c9b746" score = 75 quality = 85 @@ -293553,8 +294001,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Unstoppableservice : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/malcomvetter/UnstoppableService" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3030-L3043" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3030-L3043" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ad88047730485852c1d051f168b762da18a85242acf0850204dd5fc86b313390" score = 75 quality = 85 
@@ -293577,8 +294025,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwmi_2 : FILE modified = "2025-08-15" old_rule_name = "HKTL_NET_GUID_SharpWMI" reference = "https://github.com/GhostPack/SharpWMI" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3045-L3059" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3045-L3059" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "968eddc046e0629fed50d77c3b6c55a6d88d4fa68f05bab77f4b43bea6ad62fc" score = 75 quality = 85 @@ -293600,8 +294048,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ewstoolkit : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/EWSToolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3061-L3074" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3061-L3074" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d8e10bc2bc8dc0b526f919eed141660555334b97f528d3a74c5b91db05394fad" score = 75 quality = 85 
@@ -293623,8 +294071,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sweetpotato : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/CCob/SweetPotato" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3076-L3090" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3076-L3090" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "36430e0c2874aed1d86e061f9413c16bbb4527d0d04dfb8993214920083cc30a" score = 75 quality = 85 @@ -293647,8 +294095,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Memscan : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/nccgroup/memscan" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3092-L3105" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3092-L3105" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9885512853fc46cc680b70ab26b40d4e51393b1f0b744565d4a4aa063cb78440" score = 75 quality = 85 
@@ -293670,8 +294118,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpstay : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xthirteen/SharpStay" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3107-L3120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3107-L3120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "91fe0fd4bea7678df8bdb0948a0952e01b6588e07836d535f5aaa3700294d838" score = 75 quality = 85 @@ -293693,8 +294141,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharplocker : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/Pickfordmatt/SharpLocker" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3122-L3135" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3122-L3135" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "030b7a87042ce70c9de6031d0e03f07e508563f4ca2da4d6dc80e87f8bf483de" score = 75 quality = 85 
@@ -293716,8 +294164,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sauroneye : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/vivami/SauronEye" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3137-L3151" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3137-L3151" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "feeda6aec173cb13209559dc3a156bdc3d4be6e14cbe52ffb2e1bb7bf652441a" score = 75 quality = 85 @@ -293740,8 +294188,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sitrep : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/sitrep" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3153-L3166" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3153-L3166" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "113e3a23c3f8258707f9d0c1baa143b3599e5da10928f275fca908c3a57f76e8" score = 75 quality = 85 
@@ -293763,8 +294211,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpclipboard : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/slyd0g/SharpClipboard" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3168-L3181" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3168-L3181" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5070ae56bb7f5df31e915104ce42e18dbf86b93a327c49dabddcfbd141d468ac" score = 75 quality = 85 @@ -293786,8 +294234,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcookiemonster : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/m0rv4i/SharpCookieMonster" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3183-L3196" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3183-L3196" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1aac6d1c4e1d28805ec7e61ee00d105795ce355dce6238981b22b6f7cf9d4e29" score = 75 quality = 85 
@@ -293809,8 +294257,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_P0Wnedshell : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/Cn33liz/p0wnedShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3198-L3211" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3198-L3211" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7c6d8dbcd1ff31a9b34c36b4db2867f0b9e3fac98c7039d2a51bfe5a45afcc71" score = 75 quality = 85 @@ -293832,8 +294280,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpmove : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xthirteen/SharpMove" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3213-L3226" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3213-L3226" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4980a9b197479b2514e12b78aa5a3bf9825772f8578d3abd219607e39af7e470" score = 75 quality = 85 
@@ -293855,8 +294303,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_C_Sharp_R_A_T_Client : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/AdvancedHacker101/C-Sharp-R.A.T-Client" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3228-L3241" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3228-L3241" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a090996b8453fb41483888f433da57340a6509221439ffd8f17e546424686c55" score = 75 quality = 85 @@ -293878,8 +294326,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpprinter : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/SharpPrinter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3243-L3256" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3243-L3256" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "86eb7194039aa8bb89f77041215a3421bb35acd790aa769156298f30a124e9b3" score = 75 quality = 85 
@@ -293901,8 +294349,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Evilfoca : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/ElevenPaths/EvilFOCA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3258-L3271" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3258-L3271" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f903e2552bdb75a985065e9b78229b56c8005041cf3a75be355192684582caee" score = 75 quality = 85 @@ -293924,8 +294372,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Poshc2_Misc : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/nettitude/PoshC2_Misc" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3273-L3287" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3273-L3287" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2ad0da62428f8412c748418b44d943a143191bbe789394ffc7b21658f87c27b9" score = 75 quality = 85 
@@ -293948,8 +294396,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpire : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xbadjuju/Sharpire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3289-L3302" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3289-L3302" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c53b3205e58257292e34526ea4fd0e0550bbdcf4039f94d268a313ae28733182" score = 75 quality = 85 @@ -293971,8 +294419,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharp_Smbexec : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/checkymander/Sharp-SMBExec" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3304-L3317" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3304-L3317" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d6938d7492904a202e80525ff8f1b95c19bd65b1450f2f7e4271ab01f2e25a50" score = 75 quality = 85 
@@ -293994,8 +294442,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Misctools : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/rasta-mouse/MiscTools" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3319-L3336" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3319-L3336" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ffa89aeac49c1652618def1b63506915ec6a364708eb805ef2d9abe710111edf" score = 75 quality = 85 @@ -294021,8 +294469,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Memorymapper : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/jasondrawdy/MemoryMapper" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3338-L3351" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3338-L3351" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "691aae2ac0c6dec88c64fd1195f67e34235514037c54ebd1f1ac04d92aa3bbb1" score = 75 quality = 85 
@@ -294044,8 +294492,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Vanillarat : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/DannyTheSloth/VanillaRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3353-L3367" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3353-L3367" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7e3dd2e631b06201fa3065ebf10c1bb258839106443228af7f07706530a3070d" score = 75 quality = 85 @@ -294068,8 +294516,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Unmanagedpowershell : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/leechristensen/UnmanagedPowerShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3369-L3382" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3369-L3382" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "027b0dcbbacaafe6709e18a29b0c001f17f14128648cb64afdcf946804aa8796" score = 75 quality = 85 
@@ -294091,8 +294539,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Quasar : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/quasar/Quasar" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3384-L3398" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3384-L3398" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "51eed0545b985c20db7aae64251a0e7513cb352f2ff76f64d7697d2767f95db2" score = 75 quality = 85 @@ -294115,8 +294563,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpadidnsdump : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/b4rtik/SharpAdidnsdump" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3400-L3413" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3400-L3413" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "edda1bb7a0a1702941fa35b38120f7e9ae64b6188a47e63a0939a864980b6281" score = 75 quality = 85 
@@ -294138,8 +294586,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnettojscript : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/tyranid/DotNetToJScript" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3415-L3428" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3415-L3428" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "07f220695607b5aa6cda9045c3bc1e434828cb5835154710969666482dbe09c4" score = 75 quality = 85 @@ -294161,8 +294609,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Inferno : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/LimerBoy/Inferno" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3430-L3443" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3430-L3443" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6e286b28bdc490d16892926ba95227d39aebb151067896e740d497024c526c0e" score = 75 quality = 85 
@@ -294184,8 +294632,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsearch : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/djhohnstein/SharpSearch" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3445-L3458" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3445-L3458" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1a383fd8e4ec8fa9f1fbc01bdeb3d5b1e32ec825a24c1eaad6c42e86ac682530" score = 75 quality = 85 @@ -294207,8 +294655,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsecdump : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/G0ldenGunSec/SharpSecDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3460-L3473" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3460-L3473" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "749130efbcdbd068bf4711cc5e4960eb97a3ae2ddadde2beb0ff707429495484" score = 75 quality = 85 
@@ -294230,8 +294678,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Net_Gpppassword : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/outflanknl/Net-GPPPassword" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3475-L3488" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3475-L3488" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "46ae3156e5428c40278b124b7206b68922f955a297077df3288722c154d09fba" score = 75 quality = 85 @@ -294253,8 +294701,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Filesearcher : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/NVISO-BE/FileSearcher" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3490-L3503" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3490-L3503" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b72d3a7104ca7718d3d490149483a5d2d30790fb6d2b00b10c69da43c491e577" score = 75 quality = 85 
@@ -294276,8 +294724,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Adfsdump : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/fireeye/ADFSDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3505-L3518" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3505-L3518" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3735495d2c3a0b6f9de278014d5450f3d2e78dda9c04ede614550c75a05b43d2" score = 75 quality = 85 @@ -294299,8 +294747,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharprdp : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/0xthirteen/SharpRDP" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3520-L3533" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3520-L3533" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "96a5d82e8d03b6242d69cbd5bca2fcc3d4403e7a51099a37dcf9091a0bd53b6e" score = 75 quality = 85 
@@ -294322,8 +294770,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcall : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/jhalon/SharpCall" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3535-L3548" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3535-L3548" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4b4a8943e4fc07f41ce87d64266fd56af9912832b688f21769f4fe5a8152703b" score = 75 quality = 85 @@ -294345,8 +294793,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ysoserial_Net : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/pwntester/ysoserial.net" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3550-L3564" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3550-L3564" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7d775864610e2e60faa3570746aa7a689bd719b02c3a47f43a2be097e4a81c5a" score = 75 quality = 85 
@@ -294369,8 +294817,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Managedinjection : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/malcomvetter/ManagedInjection" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3566-L3581" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3566-L3581" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eac722f30fea497f98d75293514e0f6f4dd17263c7377211605b1ab2f13ddf2f" score = 75 quality = 85 @@ -294394,8 +294842,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsocks : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/nettitude/SharpSocks" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3583-L3597" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3583-L3597" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "477adf09ee9d04888ee5e352c11e95f855c433588771138ebb5970cae7aa044f" score = 75 quality = 85 
@@ -294418,8 +294866,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharp_Wmiexec : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/checkymander/Sharp-WMIExec" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3599-L3612" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3599-L3612" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "df683be102decfc65209195d0d2e640985dd7e7cf040fb074fb10c8749e98614" score = 75 quality = 85 @@ -294441,8 +294889,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Keethief : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/GhostPack/KeeThief" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3614-L3632" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3614-L3632" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f91aeb1862b803ae44c398a71e6c6ed0017d28206deffa39e4e0bca8faae6701" score = 75 quality = 85 
@@ -294468,8 +294916,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Fakelogonscreen : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/bitsadmin/fakelogonscreen" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3634-L3647" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3634-L3647" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "93353997e52fda3cebb03c2c63afc16ea477d3d5d4a7cf8dee26940ccffecd7a" score = 75 quality = 85 @@ -294491,8 +294939,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Poshsecframework : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/PoshSec/PoshSecFramework" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3649-L3663" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3649-L3663" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6af81da2f23a0ad87d918e4ecb5869e8113b03e175c114e553856c4eabfacb71" score = 75 quality = 85 
@@ -294515,8 +294963,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpattack : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/jaredhaight/SharpAttack" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3665-L3678" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3665-L3678" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eb2f706a8f91c0702472663d5c5672b0e0a9afa775668706377899b36bdb684c" score = 75 quality = 85 @@ -294538,8 +294986,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Altman : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/keepwn/Altman" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3680-L3710" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3680-L3710" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4d7046ac7a0deebb33a33995f4c2b9c6b65d4821262d55aecd8e00379ba93b00" score = 75 quality = 85 
@@ -294578,8 +295026,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Browserpass : FILE date = "2020-12-28" modified = "2025-08-15" reference = "https://github.com/jabiel/BrowserPass" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3712-L3725" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3712-L3725" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ce5f5eaa71fd7358d99743e56a8518c1a852faa39c4a7d1888e0a218e9e7a8ef" score = 75 quality = 85 @@ -294601,8 +295049,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Mythic : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/its-a-feature/Mythic" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3727-L3741" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3727-L3741" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3d3b942e110bbf181ecbda5d4b3c2f7775e8e9b4860722238fe686c36422d456" score = 75 quality = 85 
@@ -294625,8 +295073,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nuages : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/p3nt4/Nuages" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3743-L3756" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3743-L3756" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a0d7d89449a6a21bd118ace6a7062ff8d1fa356cf2421cc8c53f2da3719e52fb" score = 75 quality = 85 @@ -294648,8 +295096,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsniper : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/HunnicCyber/SharpSniper" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3758-L3771" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3758-L3771" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "52ae4a89b9cca9bee19e904617ed8c78857a9cee58d691f337fd4a736798aa1e" score = 75 quality = 85 
@@ -294671,8 +295119,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharphound3 : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/BloodHoundAD/SharpHound3" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3773-L3786" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3773-L3786" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9de8457f59133adb09df0c40ece45331ac716fd56d58bd37a40ce7f1d0a53378" score = 75 quality = 85 @@ -294694,8 +295142,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Blocketw : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/Soledge/BlockEtw" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3788-L3801" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3788-L3801" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8953751277594d4075907e8371764d02307209a732bb05d7cfec8141e23c7765" score = 75 quality = 85 
@@ -294717,8 +295165,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwifigrabber : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/r3nhat/SharpWifiGrabber" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3803-L3816" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3803-L3816" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6984510cbc43987fee53e5b164d973f56ecdd682d9263dc7cf560ab8728769d9" score = 75 quality = 85 @@ -294740,8 +295188,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpmapexec : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/cube0x0/SharpMapExec" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3818-L3831" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3818-L3831" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cc155390b8c739b7c96f45b79a8a078128528d6c7d070161d67484880c51a714" score = 75 quality = 85 
@@ -294763,8 +295211,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_K8Fly : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/zzwlpx/k8fly" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3833-L3846" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3833-L3846" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "99fb07cefac5572180f5f66e9ebce39b8d17c3a2acc56dd8fea426452127be5a" score = 75 quality = 85 @@ -294786,8 +295234,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Stealer : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/malwares/Stealer" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3848-L3863" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3848-L3863" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "37f829449b4f8a9524400d9409b985fab2ff70024a88fdd96ba391956a3398e3" score = 75 quality = 85 
@@ -294811,8 +295259,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Porttran : FILE date = "2020-12-29" modified = "2025-08-15" reference = "https://github.com/k8gege/PortTran" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3865-L3879" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3865-L3879" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f8417a677e88bd923236855d6734cbf3db864c7e3ea60a1e500554fc5946f76a" score = 75 quality = 85 @@ -294835,8 +295283,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gray_Keylogger_2 : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/graysuit/gray-keylogger-2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3882-L3896" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3882-L3896" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "92ab6b703064beeab4ef6811732ee76d187958bf4b16f70fa062a7a71ecfb289" score = 75 quality = 85 
@@ -294859,8 +295307,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_Miner : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Lime-Miner" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3898-L3911" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3898-L3911" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4b7f810efd907477736f40b9537d1ad99896e28c89bd571244256c385c387bfa" score = 75 quality = 85 @@ -294882,8 +295330,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Blacknet : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/BlackHacker511/BlackNET" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3913-L3929" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3913-L3929" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5e3c6e6e50888c942d541ad893b34c65f784614de7576e9a752822c433753d55" score = 75 quality = 85 
@@ -294908,8 +295356,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Plasmarat : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/mwsrc/PlasmaRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3931-L3945" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3931-L3945" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "78d0da86cdef86b06fca37fb378297df26ca792ab6069e87c19c7b075687b07d" score = 75 quality = 85 @@ -294932,8 +295380,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lime_RAT : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/NYAN-x-CAT/Lime-RAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3947-L3980" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3947-L3980" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eee41a29dc6b336c14abedaad767b8a0a529917bbc9096829114f302ed93f53c" score = 75 quality = 83 
@@ -294975,8 +295423,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Njrat : FILE date = "2020-12-30" modified = "2025-08-15" reference = "https://github.com/mwsrc/njRAT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L3982-L4000" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L3982-L4000" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fc54c34e2d908e617781ffe8b4c5538304830cfec317ed2eab4157f72bbbf059" score = 75 quality = 85 @@ -295003,8 +295451,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Manager : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/TheWover/Manager" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4002-L4016" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4002-L4016" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3783108ecfa26ee1a8d0ecfced9e601a41a159777d56a237ae82ad7860b45d5f" score = 75 quality = 85 
@@ -295027,8 +295475,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Neo_Confuserex : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/XenocodeRCE/neo-ConfuserEx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4018-L4031" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4018-L4031" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c916b5443d5df0d58020aec6f3576e3d9cec50fa00b764d86ec7f3a49d0a8d93" score = 75 quality = 85 @@ -295050,8 +295498,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpallowedtoact : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/pkb1s/SharpAllowedToAct" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4033-L4046" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4033-L4046" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "688c1e5944a96b3cc40deb3c3949da0391e9dbde8c78bcc05a1f48817ae7a0d4" score = 75 quality = 85 
@@ -295073,8 +295521,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Supersqlinjectionv1 : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/shack2/SuperSQLInjectionV1" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4048-L4061" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4048-L4061" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cc4d7ac59d1092c357e0c1ac23eab1618a712cf846a65097c283ef62cfcb0c7d" score = 75 quality = 85 @@ -295096,8 +295544,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Adsearch : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/tomcarver16/ADSearch" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4063-L4076" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4063-L4076" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d925d212b9474078cb3e8694048de22e56de94b33839647c187f3254149bf4ff" score = 75 quality = 85 
@@ -295119,8 +295567,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Privilege_Escalation_Awesome_Scripts_Suite : F date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/carlospolop/privilege-escalation-awesome-scripts-suite" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4078-L4091" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4078-L4091" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1fdaa169213f31229973956cba064128ea6d256e339a8e3eb42cc9798ddf007f" score = 75 quality = 85 @@ -295142,8 +295590,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_CVE_2020_1206_POC : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/ZecOps/CVE-2020-1206-POC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4093-L4108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4093-L4108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "26511510a1075457c8f133001fac18c8b44c997bd368b9336751bca714ec6ec3" score = 75 quality = 85 
@@ -295167,8 +295615,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dinvoke : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/TheWover/DInvoke" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4110-L4123" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4110-L4123" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4e7479d36ce78332d2224f16bc2f3059baa418f3035bca8b1ae1e5053dd4d3c3" score = 75 quality = 85 @@ -295190,8 +295638,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpchisel : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/shantanu561993/SharpChisel" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4125-L4138" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4125-L4138" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b2efa0f3757bf93a677d1faea14a71d2e63f45de99b7c9e55a951e6c401f6bd8" score = 75 quality = 85 
@@ -295213,8 +295661,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpscribbles : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/V1V1/SharpScribbles" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4140-L4154" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4140-L4154" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e4cff3fb3540fa1e189c71584889d07111ccc4a340c78011213819f206631446" score = 75 quality = 85 @@ -295237,8 +295685,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpreg : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/jnqpblc/SharpReg" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4156-L4169" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4156-L4169" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d483e590310d69df4a0267ae3091067deb8698526dd8069862a944a6b1faed05" score = 75 quality = 85 
@@ -295260,8 +295708,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Memevm : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/TobitoFatitoRE/MemeVM" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4171-L4186" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4171-L4186" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "88f4b9d0b3050ad676a54a58ea8f6a02fb07041db404c9d84f25fdda6ff3df4a" score = 75 quality = 85 @@ -295285,8 +295733,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpdir : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/jnqpblc/SharpDir" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4188-L4201" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4188-L4201" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a98ee516931d08d82fb28749130be7d8007a8ac2935fd6007bae27820e216a92" score = 75 quality = 85 
@@ -295308,8 +295756,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Atyourservice : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/mitchmoser/AtYourService" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4203-L4216" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4203-L4216" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c15c466ff048af2818cf9b59794786ba6d11f70d7dee5ef5ee5f050a9b547790" score = 75 quality = 85 @@ -295331,8 +295779,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Lockless : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/GhostPack/LockLess" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4218-L4231" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4218-L4231" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "57e09a929cc90c399068fb00ddd00c462df34d285d51273aedf27220a0647a38" score = 75 quality = 85 
@@ -295354,8 +295802,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Easynet : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/TheWover/EasyNet" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4233-L4248" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4233-L4248" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "75f69a226391fc6da86c6995295addbefe0a7e1a9ff972f211174a845816061f" score = 75 quality = 85 @@ -295379,8 +295827,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpbyebear : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/S3cur3Th1sSh1t/SharpByeBear" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4250-L4264" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4250-L4264" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f39d756b6e0b8f9037d862bdfa9b14fc2eeddf0eafad805892b8b02410f78c63" score = 75 quality = 85 
@@ -295403,8 +295851,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharphide : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/outflanknl/SharpHide" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4266-L4279" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4266-L4279" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "62264aafeafe98ce23e7c03ce75be750ab95d77d3523c0748bdcb2f50d0c04cb" score = 75 quality = 85 @@ -295426,8 +295874,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsvc : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/jnqpblc/SharpSvc" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4281-L4294" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4281-L4294" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cb91c4cd858a49f5cf437d3d1fb173afa7fe44442d41ea8533797007003c35d4" score = 75 quality = 85 
@@ -295449,8 +295897,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcrasheventlog : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/slyd0g/SharpCrashEventLog" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4296-L4309" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4296-L4309" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f53cfa44168a3ed81370ebb61153b6fab521801ffef33ace23aa8ed3376688eb" score = 75 quality = 85 @@ -295472,8 +295920,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Dotnettojscript_Languagemodebreakout : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/FuzzySecurity/DotNetToJScript-LanguageModeBreakout" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4311-L4324" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4311-L4324" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "de83b8138f49fe6aced5d9ebe77104f780496630f35550fbf0244429a2cb4917" score = 75 quality = 85 
@@ -295495,8 +295943,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpermission : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/mitchmoser/SharPermission" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4326-L4339" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4326-L4339" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "061a7ba9fb838b59a96e480356309af0c4b02d3ba3f2e83944c8dd98b739f6b6" score = 75 quality = 85 @@ -295518,8 +295966,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Registrystrikesback : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/RegistryStrikesBack" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4341-L4354" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4341-L4354" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1e2aa9ddf6cbf35cb636e35c18159468ec98eb2c30078c2a1a2a635d14599959" score = 75 quality = 85 
@@ -295541,8 +295989,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Clonevault : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/CloneVault" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4356-L4369" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4356-L4369" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "830802635e6fc9e364ec574bc9f04b062100c46bfbed7029f437c0392ce983bc" score = 75 quality = 85 @@ -295564,8 +296012,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Donut : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/TheWover/donut" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4371-L4387" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4371-L4387" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aae1ca872f60ddc6919938e55d98d27bf88fb382e8d47c06cfc3d3e795ce9f2a" score = 75 quality = 85 
@@ -295590,8 +296038,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharphandler : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/jfmaes/SharpHandler" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4389-L4403" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4389-L4403" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3aee0d00306603786fdcf828dc2b1a2faed6c8e651b56eb1985c1b640966da20" score = 75 quality = 85 @@ -295614,8 +296062,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Driver_Template : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/FuzzySecurity/Driver-Template" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4405-L4418" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4405-L4418" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6d8e59b58b7d9d15b9bbafd70a2e303e2b275f9a81fc66ea60b1ffd4a4601207" score = 75 quality = 85 
@@ -295637,8 +296085,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Nashavm : FILE date = "2021-01-21" modified = "2025-08-15" reference = "https://github.com/Mrakovic-ORG/NashaVM" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4420-L4433" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4420-L4433" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b472d072c39e35c476fa9f0fbca8bf0125ca9359f2e6aac7da58f66ea1b11ed6" score = 75 quality = 85 @@ -295660,8 +296108,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsqlpwn : FILE date = "2022-11-21" modified = "2025-08-15" reference = "https://github.com/lefayjey/SharpSQLPwn.git" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4435-L4448" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4435-L4448" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e9210d12c7a8d5973e33aa7bb559ce1c744fd7a810979bec37f95d731c3b50ac" score = 75 quality = 85 
@@ -295683,8 +296131,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Group3R : FILE date = "2022-11-21" modified = "2025-08-15" reference = "https://github.com/Group3r/Group3r.git" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4450-L4464" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4450-L4464" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "898569553257991c3776835ec10d5fae697e55bca9c14667ff72c079a095bbf1" score = 75 quality = 85 @@ -295707,8 +296155,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Tokenstomp : FILE date = "2022-11-21" modified = "2025-08-15" reference = "https://github.com/MartinIngesen/TokenStomp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4466-L4479" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4466-L4479" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "931950e70ecfd3e87e535b32bd8af43d70b36670d5e0142e2fb95ed92c85fbd9" score = 75 quality = 85 
@@ -295730,8 +296178,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Krbrelay : FILE date = "2022-11-21" modified = "2025-08-15" reference = "https://github.com/cube0x0/KrbRelay" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4481-L4495" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4481-L4495" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b5f8a3f6ba7ba5fa59cdc52337f92256257ec0994ae16fce074d70ad5afa3bc6" score = 75 quality = 85 @@ -295754,8 +296202,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sqlrecon : FILE date = "2023-01-20" modified = "2025-08-15" reference = "https://github.com/skahwah/SQLRecon" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4497-L4510" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4497-L4510" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d1cf5a34a09ed323aeee69080e2f046b613f18294328529a4cca1c49c14da575" score = 75 quality = 85 
@@ -295777,8 +296225,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Certify : FILE date = "2023-03-06" modified = "2025-08-11" reference = "https://github.com/GhostPack/Certify" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4512-L4527" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4512-L4527" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "da585a8d4985082873cb86204d546d3f53668e034c61e42d247b11e92b5e8fc3" logic_hash = "cc31eb8f11f8c48d8c6d34c343c273ac085fdac214ffc7521d26b4a19edd0c4c" score = 75 @@ -295802,8 +296250,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aladdin : FILE date = "2023-03-13" modified = "2025-08-15" reference = "https://github.com/nettitude/Aladdin" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4529-L4544" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4529-L4544" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e038ea5b2caed819df725e454ad31ba00b2b1b356875eecd73f2b8a0908c2e33" score = 75 quality = 85 
@@ -295827,8 +296275,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpldaprelayscan : FILE date = "2023-03-15" modified = "2025-08-15" reference = "https://github.com/klezVirus/SharpLdapRelayScan" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4546-L4559" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4546-L4559" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d0b9573ee9893225c5621d02f99f67296193d93a42390125611fe0560bc95fa9" score = 75 quality = 85 @@ -295850,8 +296298,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Ldapsigncheck : FILE date = "2023-03-15" modified = "2025-08-15" reference = "https://github.com/cube0x0/LdapSignCheck" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4561-L4574" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4561-L4574" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ffeee319b4161611e3e792aaec2e74c8e368d69c7f5ba9738105f536590099e8" score = 75 quality = 85 
@@ -295873,8 +296321,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsccm : FILE date = "2023-03-15" modified = "2025-08-15" reference = "https://github.com/Mayyhem/SharpSCCM" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4576-L4590" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4576-L4590" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a6650a1a2ad710b85363ea04d66f2467b835bc7bd1097404238f67e07cc3f719" score = 75 quality = 85 @@ -295897,8 +296345,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Koh : FILE date = "2023-03-18" modified = "2025-08-15" reference = "https://github.com/GhostPack/Koh" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4592-L4605" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4592-L4605" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dbb36a1a8f559d10152d14459509408b14f3dc52a685d81f3a3d5e936f5e2a66" score = 75 quality = 85 
@@ -295920,8 +296368,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Forgecert : FILE date = "2023-03-18" modified = "2025-08-15" reference = "https://github.com/GhostPack/ForgeCert" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4607-L4620" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4607-L4620" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4cb79315afc5aae2b35a1d171e8cff34304534a8970b51831568d34135e5c5e6" score = 75 quality = 85 @@ -295943,8 +296391,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Crassus : FILE date = "2023-03-18" modified = "2025-08-15" reference = "https://github.com/vu-ls/Crassus" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4622-L4635" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4622-L4635" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c6442a8bd4737f0a874c388c74a632bea29c0c8b8c7cc132ad4f145d7a73446b" score = 75 quality = 85 
@@ -295966,8 +296414,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Restrictedadmin : FILE date = "2023-03-18" modified = "2025-08-15" reference = "https://github.com/GhostPack/RestrictedAdmin" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4637-L4650" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4637-L4650" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "876d0a89429c3e504696a63056b154acacdfa44fddba23298c2432accb71dfd2" score = 75 quality = 85 @@ -295989,8 +296437,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_P2P : FILE date = "2023-03-19" modified = "2025-08-15" reference = "https://github.com/miroslavpejic85/p2p" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4652-L4665" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4652-L4665" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5cdbf5555f4a0dbcbd206708e8678d69ed64f20f734425becd5809396fcfa4b4" score = 75 quality = 85 
@@ -296012,8 +296460,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpwsus : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/nettitude/SharpWSUS" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4667-L4680" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4667-L4680" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e42a5341d03da8b7efedb6bb71b2d908881a7b0df9101e8ad56984a3372915fe" score = 75 quality = 85 @@ -296035,8 +296483,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpimpersonation : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/S3cur3Th1sSh1t/SharpImpersonation" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4682-L4695" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4682-L4695" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1fd989607bb22f903ad85905ae4fe9f84aa429f75cedd482a318d8cb6c37af19" score = 75 quality = 85 
@@ -296058,8 +296506,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcloud : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/chrismaddalena/SharpCloud" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4697-L4710" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4697-L4710" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b57f9577edcc15aef82f4fb7ceaf33bce73ae5e9d94b33152da49663a9a8f0c9" score = 75 quality = 85 @@ -296081,8 +296529,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpssdp : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/rvrsh3ll/SharpSSDP" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4712-L4725" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4712-L4725" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3bb849d481b4db321374e084c5bc83fef683fab5f70a429d79d72988f77d8403" score = 75 quality = 85 
@@ -296104,8 +296552,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Wiretap : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/djhohnstein/WireTap" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4727-L4740" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4727-L4740" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8dfe01e827fca5b6a2abb847b1615bf71c9d98ea7213b02aa94bb8691d085ac5" score = 75 quality = 85 @@ -296127,8 +296575,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Kittylitter : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/djhohnstein/KittyLitter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4742-L4757" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4742-L4757" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e0cfb39be4d51d2a929712e4f82851b9cafb46643e1403cd4ea8414624a0a2b6" score = 75 quality = 85 
@@ -296152,8 +296600,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpview : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/tevora-threat/SharpView" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4759-L4772" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4759-L4772" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b87f7c5c4d72a5d9d0f493720388f4328dc519677cc8cc218c4f0f95cc970a1e" score = 75 quality = 85 @@ -296175,8 +296623,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Farmer : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/mdsecactivebreach/Farmer" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4774-L4790" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4774-L4790" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3e8559dd84fdc698c47acdf19a3f28fe094c96a36d645422f69ad905df5b2263" score = 75 quality = 85 
@@ -296201,8 +296649,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Aesshellcodeinjector : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/san3ncrypt3d/AESShellCodeInjector" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4792-L4805" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4792-L4805" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "38858c4e5f13eea32d47178a9221a35be92c9fbb408a542a712ce9b708591e42" score = 75 quality = 85 @@ -296224,8 +296672,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpchromium : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/djhohnstein/SharpChromium" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4807-L4820" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4807-L4820" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f675d60987e5791550dff9cccc00109a2e30971de12c7f4c77288cf34122f7f2" score = 75 quality = 85 
@@ -296247,8 +296695,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Get_RBCD_Threaded : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/FatRodzianko/Get-RBCD-Threaded" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4822-L4835" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4822-L4835" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a3cb7097f5fd5a2e5eac5ace774ea4e7f845989ee953f5aa140b0e05f3d04380" score = 75 quality = 85 @@ -296270,8 +296718,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Whisker : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/eladshamir/Whisker" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4837-L4850" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4837-L4850" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2d0e0436f83b5e4c4e2e7ef7237d5769a901f35b0462d5396bb5e398a72176dd" score = 75 quality = 85 
@@ -296293,8 +296741,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Shadowspray : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/Dec0ne/ShadowSpray" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4852-L4865" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4852-L4865" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d45c8c20a782dbcb80db5c990ce02f6227e40a8b6d9875b1158735c5a53d4771" score = 75 quality = 85 @@ -296316,8 +296764,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Malsccm : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/nettitude/MalSCCM" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4867-L4880" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4867-L4880" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "064835e594c8e28903e5e18aa63c8bda53e74ddb3b8eda813ac62c7677b4e3fc" score = 75 quality = 85 
@@ -296339,8 +296787,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Spoolsample : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/leechristensen/SpoolSample" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4882-L4895" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4882-L4895" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8633b34f478b3d581f9403909d2ee20e7049d3ea02ecaf4fcb5dd61909681ba4" score = 75 quality = 85 @@ -296362,8 +296810,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpoxidresolver : FILE date = "2023-03-22" modified = "2025-08-15" reference = "https://github.com/S3cur3Th1sSh1t/SharpOxidResolver" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4897-L4910" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4897-L4910" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "168d2d817fecdb9a457af26668f6e543556901151b025d322a4cfd63106cafed" score = 75 quality = 85 
@@ -296385,8 +296833,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpcat : FILE date = "2023-11-30" modified = "2025-08-18" reference = "https://github.com/theart42/Sharpcat" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4912-L4924" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4912-L4924" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "143757610d66c5d7bbba96ef810d518f38ad8ea0e924be23aa59e8c514154fe0" score = 75 quality = 83 @@ -296408,8 +296856,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpnamedpipepth : FILE date = "2023-11-30" modified = "2025-08-18" reference = "https://github.com/S3cur3Th1sSh1t/SharpNamedPipePTH" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4926-L4938" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4926-L4938" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "437a8a41073174e86f642717537bdeeb5343cc8683c95477a52d6801a46aac21" score = 75 quality = 83 
@@ -296431,8 +296879,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharptokenfinder : FILE date = "2023-12-06" modified = "2025-08-18" reference = "https://github.com/HuskyHacks/SharpTokenFinder" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4940-L4952" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4940-L4952" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f9681a13b094b6e05cab69f0684d52e3bb3b465cfcdb1c83a890c9c8fda79169" score = 75 quality = 83 @@ -296454,8 +296902,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharprodc : FILE date = "2023-12-06" modified = "2025-08-18" reference = "https://github.com/wh0amitz/SharpRODC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4954-L4966" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4954-L4966" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3d24237804509d2bf241f7310843591608a9d7e8abb38eb324aa5909995ebfaf" score = 75 quality = 83 
@@ -296477,8 +296925,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Gmsapasswordreader : FILE date = "2023-12-06" modified = "2025-08-18" reference = "https://github.com/rvazarkar/GMSAPasswordReader" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4968-L4980" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4968-L4980" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8db260b15b8b8158e5f66268b9086b456386af017e4351025ea27b9f994e5bf5" score = 75 quality = 83 @@ -296500,8 +296948,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Sharpsharefinder : FILE date = "2023-12-19" modified = "2025-08-18" reference = "https://github.com/mvelazc0/SharpShareFinder" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4982-L4994" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4982-L4994" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "72b2c6c9f4da68ba8e9656ff2d9da962f9d791f031c1d7fb74d74ddd17ba49de" score = 75 quality = 83 
@@ -296523,8 +296971,8 @@ rule SIGNATURE_BASE_HKTL_NET_GUID_Postdump : FILE date = "2023-12-19" modified = "2025-08-18" reference = "https://github.com/YOLOP0wn/POSTDump" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_net_redteam_tools_guids.yar#L4997-L5009" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_net_redteam_tools_guids.yar#L4997-L5009" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e5bbef2fe7122855d7e5300ebf78631149e60b08793a4a21a4ac8b337f4bee60" score = 75 quality = 83 @@ -296546,8 +296994,8 @@ rule SIGNATURE_BASE_Mimikatz_Kirbi_Ticket : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_kirbi_mimkatz.yar#L10-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_kirbi_mimkatz.yar#L10-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2a62c24954d64346e419985ef5bf2b357b2aee41ac6b33d379dbd65cf5c9f92b" score = 75 quality = 85 
@@ -296569,8 +297017,8 @@ rule SIGNATURE_BASE_Bluenoroffpos_DLL date = "2018-06-07" modified = "2023-12-05" reference = "http://blog.trex.re.kr/3?category=737685" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_bluenoroff_pos.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_bluenoroff_pos.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "39f23045b3e5ef60c199091b7f01ac2a3a31bcb95219aebb9a4cfd0764886f19" score = 75 quality = 73 @@ -296598,8 +297046,8 @@ rule SIGNATURE_BASE_Sofacy_Fybis_ELF_Backdoor_Gen1 : FILE date = "2016-02-13" modified = "2023-01-27" reference = "http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_fysbis.yar#L9-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_fysbis.yar#L9-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fb5239aa75512c8c83b066e64b75469f90fb22cb0918af1e44edb29e7ab38206" score = 80 quality = 85 
@@ -296631,8 +297079,8 @@ rule SIGNATURE_BASE_Sofacy_Fysbis_ELF_Backdoor_Gen2 : FILE date = "2016-02-13" modified = "2023-12-05" reference = "http://researchcenter.paloaltonetworks.com/2016/02/a-look-into-fysbis-sofacys-linux-backdoor/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_fysbis.yar#L37-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_fysbis.yar#L37-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1d50a789e9c43fce27f3ad390cbdd9533c61e4f263cec1aa1abfba6545e55c57" score = 80 quality = 85 @@ -296659,8 +297107,8 @@ rule SIGNATURE_BASE_Zxshell_Related_Malware_CN_Group_Jul17_1 : FILE date = "2017-07-08" modified = "2023-12-05" reference = "https://blogs.rsa.com/cat-phishing/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_zxshell.yar#L12-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_zxshell.yar#L12-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "30195ff91bd62e32784040f9ec2cf72db90ef1c75056abfd9740f35ce1baccd9" score = 75 quality = 85 
@@ -296688,8 +297136,8 @@ rule SIGNATURE_BASE_Zxshell_Related_Malware_CN_Group_Jul17_2 : FILE date = "2017-07-08" modified = "2023-12-05" reference = "https://blogs.rsa.com/cat-phishing/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_zxshell.yar#L32-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_zxshell.yar#L32-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d7c9f2af3842d60cf4b0b64bdb687a32014b449b42b101394e0424c12fc2808e" score = 75 quality = 85 @@ -296723,8 +297171,8 @@ rule SIGNATURE_BASE_Zxshell_Related_Malware_CN_Group_Jul17_3 : FILE date = "2017-07-08" modified = "2023-12-05" reference = "https://blogs.rsa.com/cat-phishing/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_zxshell.yar#L60-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_zxshell.yar#L60-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1d7dd59cf6ef24ce47431f9f3fbc980019880082b4e6162bae70b64abaa26db7" score = 75 quality = 85 
@@ -296748,8 +297196,8 @@ rule SIGNATURE_BASE_Zxshell_Jul17 : FILE date = "2017-07-08" modified = "2023-12-05" reference = "https://blogs.rsa.com/cat-phishing/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_zxshell.yar#L76-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_zxshell.yar#L76-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2c7467417ffc8b0ed3037ace9ce4183c9d4a90d1c087a420dd3c7a9c422621b1" score = 75 quality = 85 @@ -296785,8 +297233,8 @@ rule SIGNATURE_BASE_Zxshell_20171211_Chrsben : FILE date = "2017-12-11" modified = "2023-12-05" reference = "https://goo.gl/snc85M" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_zxshell.yar#L115-L138" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_zxshell.yar#L115-L138" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "361441404582b0eaca25954f7fe1a3a3b9fefd15cac78d61408bc50aeb78bb61" score = 75 quality = 85 
@@ -296812,8 +297260,8 @@ rule SIGNATURE_BASE_KR_Target_Malware_Aug17 : FILE date = "2017-08-23" modified = "2023-12-05" reference = "https://twitter.com/eyalsela/status/900250203097354240" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_kr_malware.yar#L11-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_kr_malware.yar#L11-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "47c3350b489b023687f05f55a09f0092456c87b4beeda563756a99ccd5091b09" score = 75 quality = 85 @@ -296843,8 +297291,8 @@ rule SIGNATURE_BASE_EXPL_Citrix_Netscaler_ADC_Forensicartifacts_CVE_2023_3519_Ju date = "2023-07-21" modified = "2023-12-05" reference = "https://www.cisa.gov/sites/default/files/2023-07/aa23-201a_csa_threat_actors_exploiting_citrix-cve-2023-3519_to_implant_webshells.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L27-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L27-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "48d4225d0935084003f7a98c554d7c4722a91290dfe190001da52bce332b3f7d" score = 70 quality = 85 
@@ -296867,8 +297315,8 @@ rule SIGNATURE_BASE_EXPL_Citrix_Netscaler_ADC_Forensicartifacts_CVE_2023_3519_Ju date = "2023-07-24" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/citrix-zero-day-espionage" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L43-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L43-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e78e1a788503b841ed0f4e5cd415eb35d8911092778120d7fd061ed20820da37" score = 70 quality = 85 @@ -296895,11 +297343,11 @@ rule SIGNATURE_BASE_LOG_EXPL_Citrix_Netscaler_ADC_Exploitation_Attempt_CVE_2023_ date = "2023-07-27" modified = "2023-12-05" reference = "https://blog.assetnote.io/2023/07/24/citrix-rce-part-2-cve-2023-3519/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L63-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L63-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7ad3164c5b2616b12a513a2bb3736d530769e75fca03346a72351a27b8343b2a" score = 65 - quality = 60 + quality = 85 tags = "CVE-2023-3519" strings: 
@@ -296918,8 +297366,8 @@ rule SIGNATURE_BASE_WEBSHELL_SECRETSAUCE_Jul23_1 : CVE_2023_3519 FILE date = "2023-07-24" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/citrix-zero-day-espionage" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L79-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_citrix_netscaler_adc_exploitation_cve_2023_3519.yar#L79-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c762d46ae43a3e10453c2ee17039812a06086ac85bdb000cf8308f5196a9dee2" score = 85 quality = 85 @@ -296945,8 +297393,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Metasploitpayload : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L10-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L10-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1399818f71544245a7b689a7eb4da794b10814590e4c5f545fc28237ffa3d0f6" score = 75 quality = 85 
@@ -296970,8 +297418,8 @@ rule SIGNATURE_BASE_Empire_Exploit_Jenkins : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L26-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L26-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "caf65814a1aeb0e14ec6430f7d5692b9c090bdc0d453566f0b0abd703f74bac7" score = 75 quality = 85 @@ -296996,8 +297444,8 @@ rule SIGNATURE_BASE_Empire_Get_Securitypackages : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L43-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L43-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2d63fdcc6713d2f7645b16cf3e79a6e951c7751a10bfa0e2853def47ea9547d2" score = 75 quality = 85 
@@ -297021,8 +297469,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Powerdump : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L59-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L59-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e460d015be54a88d0eb5741a9c32cf6d7a410e0beb5356402af0dd19d1b4c6f2" score = 75 quality = 85 @@ -297047,8 +297495,8 @@ rule SIGNATURE_BASE_Empire_Install_SSP : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L76-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L76-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bf0966d0141d4606983f267face635ef5fddbc73282f02f0a0ae6fcf89f2e6dc" score = 75 quality = 85 
@@ -297071,8 +297519,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Shellcodemsil : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L91-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L91-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eb556fb8b558145e7e981ab3c3ccfb2656512498b917c705e53bc5b9f3650155" score = 75 quality = 85 @@ -297098,8 +297546,8 @@ rule SIGNATURE_BASE_HKTL_Empire_Powerup : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L109-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L109-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d55674866a1a14d4f4c2b5529e47e005ca4b433383bf112af6da41d7f84afdb7" score = 75 quality = 85 
@@ -297122,8 +297570,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Mimikatz_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L124-L138" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L124-L138" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a28297025b9b0178ab437996ffd3e0c28526f1edaf61db659093fe41a356cf40" score = 75 quality = 85 @@ -297147,8 +297595,8 @@ rule SIGNATURE_BASE_Empire_Get_Gpppassword : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L140-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L140-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3c879e50805e8b89fc8f3a7c7da2c8e906c89f210ab74194daca6b0ba2d312ba" score = 75 quality = 85 
@@ -297173,8 +297621,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Smbscanner : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L157-L171" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L157-L171" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5feb32dd0fc5271256dc4a088b9b02b591dbe584759db7ee4f5a6c99f42c3c0c" score = 75 quality = 85 @@ -297198,8 +297646,8 @@ rule SIGNATURE_BASE_Empire_Exploit_Jboss : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L173-L190" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L173-L190" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a0eef14c3966745a0f2b7eb404eed122a11eea2fb82884ebd2087b3ab90bff93" score = 75 quality = 85 
@@ -297226,8 +297674,8 @@ rule SIGNATURE_BASE_Empire_Dumpcredstore : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L192-L207" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L192-L207" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7136920e531d7ab621e743c5c89c0d817fe453108878e3c808814ca48ad57fb3" score = 75 quality = 85 @@ -297252,8 +297700,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Egresscheck : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L209-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L209-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "693564e0bd98ebd03cd433d8ba1003051a5cf6b1f0c05d3c5a4682e6d667327e" score = 75 quality = 85 
@@ -297276,8 +297724,8 @@ rule SIGNATURE_BASE_Empire_Reflectivepick_X64_Orig : FILE date = "2016-11-05" modified = "2022-12-21" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L224-L240" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L224-L240" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a87c5f1da9c490887cba5e9837ca40ac92b63d8c36b682f4be770ac061b5acdf" score = 75 quality = 85 @@ -297301,8 +297749,8 @@ rule SIGNATURE_BASE_Empire_Out_Minidump : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L242-L256" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L242-L256" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7ce4ac95ac942a2ad758b1d9034e6ec50d25d195ba1c2ae95a90a7490708e485" score = 75 quality = 85 
@@ -297326,8 +297774,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Psexec : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L258-L273" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L258-L273" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "86af63a3be5b4940966932b129edbe4cca5ac1a31d120ba44fdca739e9c97ad4" score = 75 quality = 85 @@ -297352,8 +297800,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Postexfil : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L275-L289" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L275-L289" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "74602d1c4986e6392df8845e0ed713499aa3b93c64e9d68e95f9dbaf60fe4299" score = 75 quality = 85 
@@ -297377,8 +297825,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Smbautobrute : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L291-L305" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L291-L305" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dd87a5d3a710017953c8c19862e4daee25de0e57175cab8246eea6d067fcb4d1" score = 75 quality = 85 @@ -297402,8 +297850,8 @@ rule SIGNATURE_BASE_Empire_Get_Keystrokes : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L307-L320" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L307-L320" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "710e1bbf517c6683bd3082786e605cb8e6a52460f9c96609610e5ab38800dc79" score = 75 quality = 85 
@@ -297426,8 +297874,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Dllinjection : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L322-L335" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L322-L335" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "450ca96dd7c80275d7e4eaf07a7229e27530c373b8d79af5be8f4a741daef448" score = 75 quality = 85 @@ -297450,8 +297898,8 @@ rule SIGNATURE_BASE_Empire_Keepassconfig : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L337-L350" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L337-L350" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "044c8a326ee6cc74a918e6c28100032bfd2fb396ddab8683ab11e00f9370ab2a" score = 75 quality = 85 
@@ -297474,8 +297922,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Sshcommand : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L352-L367" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L352-L367" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3749c3d58335cb08bff66fe3126fc4977261576a9fbedbd7da673e3921364850" score = 75 quality = 85 @@ -297500,8 +297948,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen1 : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L371-L390" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L371-L390" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "074423d30c5ef419d1ca9433477d8a896086cec84eb939270ce51d3965b6b1a2" score = 75 quality = 85 
@@ -297530,8 +297978,8 @@ rule SIGNATURE_BASE_Empire_Powerup_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L392-L407" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L392-L407" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4086b057b46cac85bb871d2d4363d4ae4c99a160e5c9625e4d41e3df55fece2d" score = 75 quality = 85 @@ -297556,8 +298004,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen2 : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L409-L428" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L409-L428" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e3cb63d0c3278ee4d04cb4b1d6ebe817fb3da97d25e2581f95bd43ecd5142b30" score = 75 quality = 85 
@@ -297586,8 +298034,8 @@ rule SIGNATURE_BASE_Empire_Agent_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L430-L447" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L430-L447" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ed8aee7ac6c1d93b21cc1aa5c3c18df1566692c63a010715a3aae65e18fffa60" score = 75 quality = 85 @@ -297614,8 +298062,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen3 : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L449-L467" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L449-L467" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "933fe27c54e90806a21082b4d2e4cbb3491374e48834a64c0d6a520c537d145e" score = 75 quality = 85 
@@ -297643,8 +298091,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Inveighrelay_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L469-L484" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L469-L484" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "183a0afa9233e380471ddfa8f85e6c6555d69c785c9a4e8791e19432b6849558" score = 75 quality = 85 @@ -297669,8 +298117,8 @@ rule SIGNATURE_BASE_Empire_Keepassconfig_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L486-L500" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L486-L500" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "986f299d2b6e2ec47acae09d8a25b6c45caf83c964208c594433308cd11ad264" score = 75 quality = 85 
@@ -297694,8 +298142,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Portscan_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L502-L517" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L502-L517" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "05e786dc42ee5ec56197803577d104595ad6554e028b7633b2f7fdf55a63e27c" score = 75 quality = 85 @@ -297720,8 +298168,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen4 : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L519-L545" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L519-L545" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "314574a463f9cc772702d5e3358f5280b2805298fedb89c14786518a4832d63b" score = 75 quality = 85 
@@ -297757,8 +298205,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Credentialinjection_Invoke_Mimikatz_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L547-L563" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L547-L563" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3210b4407c3209a20d74c8c5af66077cc9b902912ae49253883b7acd87eef1f9" score = 75 quality = 60 @@ -297784,8 +298232,8 @@ rule SIGNATURE_BASE_Empire_Invoke_Gen : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L565-L582" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L565-L582" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "11d00ea1f40d34cfd3417db337a01eca39b0e77049f74f0c591cd1d388a8d194" score = 75 quality = 85 
@@ -297812,8 +298260,8 @@ rule SIGNATURE_BASE_Empire_Powershell_Framework_Gen5 : FILE date = "2016-11-05" modified = "2023-12-05" reference = "https://github.com/adaptivethreat/Empire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_empire.yar#L584-L601" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_empire.yar#L584-L601" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "115fffabb09ed00ab46c6f980c3a7727070a303cafa900cc1ce04e3999b6b70e" score = 75 quality = 85 @@ -297840,8 +298288,8 @@ rule SIGNATURE_BASE_SNOWGLOBE_Babar_Malware : FILE date = "2015-02-18" modified = "2023-12-05" reference = "http://motherboard.vice.com/read/meet-babar-a-new-malware-almost-certainly-created-by-france" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_snowglobe_babar.yar#L4-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_snowglobe_babar.yar#L4-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "27a0a98053f3eed82a51cdefbdfec7bb948e1f36" logic_hash = "a93425a95efe471b815e2daf0b5e290b3472b722c6a48f8c22f0a6e9c588ffc9" score = 80 
@@ -297878,8 +298326,8 @@ rule SIGNATURE_BASE_Reaver3_Malware_Nov17_1 : FILE date = "2017-11-11" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_reaver_sunorcal.yar#L14-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_reaver_sunorcal.yar#L14-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa141a1d3868bd4a004794bf51dc20086eb2e1446e1fa374834a6f2d84940c0d" score = 75 quality = 85 @@ -297903,8 +298351,8 @@ rule SIGNATURE_BASE_Reaver3_Malware_Nov17_2 : FILE date = "2017-11-11" modified = "2023-01-06" reference = "https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_reaver_sunorcal.yar#L29-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_reaver_sunorcal.yar#L29-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f987876dae35d17fb3ac0d4d3cfe1e00f8977aa696194cc48e53ac1db9d55fca" score = 75 quality = 85 
@@ -297933,8 +298381,8 @@ rule SIGNATURE_BASE_Reaver3_Malware_Nov17_3 : FILE date = "2017-11-11" modified = "2023-01-06" reference = "https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_reaver_sunorcal.yar#L55-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_reaver_sunorcal.yar#L55-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "32654255102aee872402b0910422701f3cd4d0b2b8fc6e83440f325923ab9e2f" score = 75 quality = 85 @@ -297965,8 +298413,8 @@ rule SIGNATURE_BASE_Sunorcal_Malware_Nov17_1 : FILE date = "2017-11-11" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/11/unit42-new-malware-with-ties-to-sunorcal-discovered/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_reaver_sunorcal.yar#L82-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_reaver_sunorcal.yar#L82-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "88e6280c04b12b1d8530bafb44afc180685550f1f6bcefb731b3247f6a9529a2" score = 75 quality = 85 
@@ -297998,8 +298446,8 @@ rule SIGNATURE_BASE_Tophat_Malware_Jan18_1 : FILE date = "2018-01-29" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/#appendix" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_tophat.yar#L13-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_tophat.yar#L13-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "69a1e1105b28d66203f74e68038efacc926e501e28a73865485adf2fd7fc0ac0" score = 75 quality = 85 @@ -298030,8 +298478,8 @@ rule SIGNATURE_BASE_Tophat_Malware_Jan18_2 : FILE date = "2018-01-29" modified = "2023-01-06" reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/#appendix" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_tophat.yar#L38-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_tophat.yar#L38-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2321e89559363c04ef0e92a9c9e03d11ff27410103b3aaba954b544e33961b2f" score = 75 quality = 85 
@@ -298059,8 +298507,8 @@ rule SIGNATURE_BASE_Tophat_BAT : FILE date = "2018-01-29" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-the-tophat-campaign-attacks-within-the-middle-east-region-using-popular-third-party-services/#appendix" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_tophat.yar#L62-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_tophat.yar#L62-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5dc58fa39d8b2aed95b39da575191fe5d10d5dd95b57c320cde8983505e7184f" score = 75 quality = 85 @@ -298086,8 +298534,8 @@ rule SIGNATURE_BASE_MAL_Webmonitor_RAT : FILE date = "2018-04-13" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/04/unit42-say-cheese-webmonitor-rat-comes-c2-service-c2aas/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_webmonitor_rat.yar#L1-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_webmonitor_rat.yar#L1-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fbf6368527a7bd841b7679d668d6b77ce720fd0f6bcbd5fa9ff6301ae72199ec" score = 75 quality = 85 
@@ -298124,8 +298572,8 @@ rule SIGNATURE_BASE_SUSP_Base64_Encoded_Hex_Encoded_Code date = "2019-04-29" modified = "2025-03-21" reference = "https://www.nextron-systems.com/2019/04/29/spotlight-threat-hunting-yara-rule-example/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_obfuscation.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_obfuscation.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f1451e2dd0e4e70a0f39f609331762cce369642e9fadbef83d932da2a0a6c60b" score = 65 quality = 85 @@ -298148,8 +298596,8 @@ rule SIGNATURE_BASE_SUSP_Reversed_Base64_Encoded_EXE : FILE date = "2020-04-06" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_obfuscation.yar#L62-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_obfuscation.yar#L62-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0a2f1caf2235ee24f531c9f9a5ebdc0c97a90890218669749a4c83bede80a336" score = 80 quality = 85 
@@ -298178,8 +298626,8 @@ rule SIGNATURE_BASE_SUSP_Script_Base64_Blocks_Jun20_1 date = "2020-06-05" modified = "2025-03-21" reference = "https://posts.specterops.io/covenant-v0-5-eee0507b85ba" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_obfuscation.yar#L85-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_obfuscation.yar#L85-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7d456cbbbd76f543afe144a2876a02db834aa6b09ecd4d6aa2f25ce8eeac5de8" score = 70 quality = 85 @@ -298201,8 +298649,8 @@ rule SIGNATURE_BASE_SUSP_Reversed_Hacktool_Author : FILE date = "2020-06-10" modified = "2025-03-21" reference = "https://hackingiscool.pl/cmdhijack-command-argument-confusion-with-path-traversal-in-cmd-exe/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_obfuscation.yar#L100-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_obfuscation.yar#L100-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3681fb11dabf9905915d23f4198145b503a260d628415fd79ad71d7703ba9f6f" score = 65 quality = 85 
@@ -298224,8 +298672,8 @@ rule SIGNATURE_BASE_SUSP_Base64_Encoded_Hacktool_Dev : FILE date = "2020-06-10" modified = "2025-03-21" reference = "https://twitter.com/cyb3rops/status/1270626274826911744" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_obfuscation.yar#L116-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_obfuscation.yar#L116-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7345a528a12f87e5cbcabccf649566a038dd2115e8aec4f39599e357c8c6d57f" score = 65 quality = 85 @@ -298254,8 +298702,8 @@ rule SIGNATURE_BASE_Pirpi_1609_A : FILE date = "2016-09-08" modified = "2023-12-05" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_pirpi.yar#L10-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_pirpi.yar#L10-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "470745d0dd44c161ed6ec474f85531a3aca8ebb0adb98b902cb0b7465ca07d8b" score = 75 quality = 85 
@@ -298295,8 +298743,8 @@ rule SIGNATURE_BASE_Pirpi_1609_B : FILE date = "2016-09-08" modified = "2023-12-05" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_pirpi.yar#L45-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_pirpi.yar#L45-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4dafff80fb7bfcffccf96d991245c13b3208fd4f5a21488d7d6885758ef05078" score = 75 quality = 85 @@ -298326,8 +298774,8 @@ rule SIGNATURE_BASE_APT_UA_Hermetic_Wiper_Feb22_1 : FILE date = "2022-02-24" modified = "2023-12-05" reference = "https://www.sentinelone.com/labs/hermetic-wiper-ukraine-under-attack/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ua_hermetic_wiper.yar#L2-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ua_hermetic_wiper.yar#L2-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1cf124f7533a060da8aff1a18f64a94b183502e58ffdfca012d72d99d30225ba" score = 75 quality = 85 
@@ -298369,8 +298817,8 @@ rule SIGNATURE_BASE_APT_UA_Hermetic_Wiper_Artefacts_Feb22_1 date = "2022-02-25" modified = "2023-12-05" reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ua_hermetic_wiper.yar#L40-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ua_hermetic_wiper.yar#L40-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5e917618a5172c68b4b32ba9e63402c2a98ccb027276b317ec169a4fef219de1" score = 75 quality = 85 @@ -298403,8 +298851,8 @@ rule SIGNATURE_BASE_APT_UA_Hermetic_Wiper_Scheduled_Task_Feb22_1 date = "2022-02-25" modified = "2023-12-05" reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/ukraine-wiper-malware-russia" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ua_hermetic_wiper.yar#L72-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ua_hermetic_wiper.yar#L72-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "56368ba1c97fe3455312b6ee86dcd1a21677f7dfa3836e76ada4b236a5b2c171" score = 85 quality = 85 
@@ -298428,8 +298876,8 @@ rule SIGNATURE_BASE_MAL_OSX_Fancybear_Agent_Jul18_1 : FILE date = "2018-07-15" modified = "2023-12-05" reference = "https://twitter.com/DrunkBinary/status/1018448895054098432" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fancybear_osxagent.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fancybear_osxagent.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "099235424f22f3591a891726ea0c13ebf831fae0456ab1b6baba329c090a9535" score = 75 quality = 85 @@ -298457,8 +298905,8 @@ rule SIGNATURE_BASE_Bin_Ndisk : FILE date = "2015-07-07" modified = "2023-12-05" reference = "https://www.virustotal.com/en/file/a03a6ed90b89945a992a8c69f716ec3c743fa1d958426f4c50378cca5bef0a01/analysis/1436184181/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hackingteam_rules.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hackingteam_rules.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cf5089752ba51ae827971272a5b761a4ab0acd84" logic_hash = "d93147e9631065eab35cbbc4ce112cfef92f81063cf8570bc021fbfe72811ab6" score = 100 
@@ -298488,8 +298936,8 @@ rule SIGNATURE_BASE_Hackingteam_Elevator_DLL : FILE date = "2015-07-07" modified = "2023-12-05" reference = "http://t.co/EG0qtVcKLh" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hackingteam_rules.yar#L33-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hackingteam_rules.yar#L33-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b7ec5d36ca702cc9690ac7279fd4fea28d8bd060" logic_hash = "f2860c0bb6176f7cc57cb703e9d4235c4cf0b9cc1c0e7c47fb4c8ba47155a616" score = 70 @@ -298521,8 +298969,8 @@ rule SIGNATURE_BASE_Hackingteam_Elevator_EXE : FILE date = "2015-07-07" modified = "2023-12-05" reference = "Hacking Team Disclosure elevator.c" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hackingteam_rules.yar#L58-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hackingteam_rules.yar#L58-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9261693b67b6e379ad0e57598602712b8508998c0cb012ca23139212ae0009a1" logic_hash = "58f3c28fa69da0329a4cd5451a86260056076a9d0094965e9c23a63ef72cfc98" score = 70 
@@ -298558,8 +299006,8 @@ rule SIGNATURE_BASE_Invoke_Mimikatz date = "2016-08-03" modified = "2023-12-05" reference = "https://github.com/clymb3r/PowerShell/tree/master/Invoke-Mimikatz" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_invoke_mimikatz.yar#L10-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_invoke_mimikatz.yar#L10-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b9bfa54a64d6f6b8af97ec62c9102ccf0912a19b65fbd25a4836480e63497a00" score = 75 quality = 85 @@ -298583,8 +299031,8 @@ rule SIGNATURE_BASE_MAL_LNX_Camarodragon_Sheel_Oct23 : FILE date = "2023-10-06" modified = "2023-12-05" reference = "https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_camaro_dragon_oct23.yar#L2-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_camaro_dragon_oct23.yar#L2-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b06f645b766a099adb71c144bdced70c130735e75d5be6451f71077c7d3a5d19" score = 85 quality = 85 
@@ -298610,8 +299058,8 @@ rule SIGNATURE_BASE_MAL_LNX_Camarodragon_Horseshell_Oct23 : FILE date = "2023-10-06" modified = "2023-12-05" reference = "https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_camaro_dragon_oct23.yar#L27-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_camaro_dragon_oct23.yar#L27-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "73adaa286b345cffd35e6ba017b3204d8818dcaeea8a48ca93959566461ac3ca" score = 85 quality = 85 @@ -298642,8 +299090,8 @@ rule SIGNATURE_BASE_VUL_Jquery_Fileupload_CVE_2018_9206 : CVE_2018_9206 date = "2018-10-19" modified = "2023-12-05" reference = "https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vul_jquery_fileupload_cve_2018_9206.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vul_jquery_fileupload_cve_2018_9206.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ef7cc13130c60ece346802cb6efec96065f84407fb84b89703628fdf32c0ee53" score = 75 quality = 85 
@@ -298666,8 +299114,8 @@ rule SIGNATURE_BASE_CACTUSTORCH : FILE date = "2017-07-31" modified = "2023-12-05" reference = "https://github.com/mdsecactivebreach/CACTUSTORCH" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_gen_cactustorch.yar#L11-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_gen_cactustorch.yar#L11-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "265287b27aa13840366dbb51ea58b2fdd10e0a57ff27d8deb52ff77dd71c26ad" score = 75 quality = 85 @@ -298704,8 +299152,8 @@ rule SIGNATURE_BASE_Backdoor_Redosdru_Jun17 : HIGHVOL FILE date = "2017-06-04" modified = "2023-12-05" reference = "https://goo.gl/OOB3mH" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_eternalblue_non_wannacry.yar#L12-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_eternalblue_non_wannacry.yar#L12-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "99218c4decf98f02eb75c3c41a56f857a07779c68d30c4d16ca605052c4f9c3e" score = 75 quality = 85 
@@ -298738,8 +299186,8 @@ rule SIGNATURE_BASE_Backdoor_Nitol_Jun17 : FILE date = "2017-06-04" modified = "2023-01-07" reference = "https://goo.gl/OOB3mH" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_eternalblue_non_wannacry.yar#L38-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_eternalblue_non_wannacry.yar#L38-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9035b8bd74c284f170f8c9767d96580dba243786abaa3b2e79e05a981f8fa204" score = 75 quality = 85 @@ -298771,8 +299219,8 @@ rule SIGNATURE_BASE_SUSP_Xored_URL_In_EXE : FILE date = "2020-03-09" modified = "2022-09-16" reference = "https://twitter.com/stvemillertime/status/1237035794973560834" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_xor.yar#L4-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_xor.yar#L4-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2113324ae04a9022be4cf5c615ad231206eeefb5aa87a2236ec3c9deee9e7ec2" score = 50 quality = 85 
@@ -298812,8 +299260,8 @@ rule SIGNATURE_BASE_HKTL_EXPL_POC_Libssh_Auth_Bypass_CVE_2023_2283_Jun23_1 : CVE date = "2023-06-08" modified = "2023-12-05" reference = "https://github.com/github/securitylab/tree/1786eaae7f90d87ce633c46bbaa0691d2f9bf449/SecurityExploits/libssh/pubkey-auth-bypass-CVE-2023-2283" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_libssh_cve_2023_2283_jun23.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_libssh_cve_2023_2283_jun23.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4c3d54d7f4902c1da664e41096b5931e6534aaaf63243f12e05b81af63d8b28f" score = 85 quality = 85 @@ -298835,8 +299283,8 @@ rule SIGNATURE_BASE_MAL_Payload_F5_BIG_IP_Exploitations_Jul20_1 : CVE_2020_5902 date = "2020-06-07" modified = "2023-12-05" reference = "https://research.nccgroup.com/2020/07/05/rift-f5-networks-k52145254-tmui-rce-vulnerability-cve-2020-5902-intelligence/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_f5_bigip_expl_payloads.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_f5_bigip_expl_payloads.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a3651081bb09452d80cba9f673a7b61c8ee2f47a12fb64d975eb63867688ee3b" score = 75 quality = 85 
@@ -298864,8 +299312,8 @@ rule SIGNATURE_BASE_Sysinternals_Tool_Anomaly : FILE date = "2016-12-06" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_sysinternals_anomaly.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_sysinternals_anomaly.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "760795a51965197bd101ffbf0f7c8cfbbb16d2f443d0941de4a75c8f33f4cad0" score = 50 quality = 85 @@ -298893,8 +299341,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Darkside_May21_1 : FILE date = "2021-05-10" modified = "2023-12-05" reference = "https://app.any.run/tasks/020c1740-717a-4191-8917-5819aa25f385/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_darkside.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_darkside.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "84de92b0b36e373aa61e314a04597bd0578a04af34c501ae9071e5f4fa27c07a" score = 75 quality = 85 
@@ -298922,8 +299370,8 @@ rule SIGNATURE_BASE_MAL_Ransomware_Win_DARKSIDE_V1_1 : FILE date = "2021-03-22" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_darkside.yar#L25-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_darkside.yar#L25-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1a700f845849e573ab3148daef1a3b0b" logic_hash = "b3612510bd1f2ca7543e217e97037b02d312bcda2b2df16d9be3216749ea4beb" score = 75 @@ -298945,8 +299393,8 @@ rule SIGNATURE_BASE_MAL_Dropper_Win_Darkside_1 : FILE date = "2021-05-11" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_darkside.yar#L39-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_darkside.yar#L39-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "131b3666ae444e0de043eafdf7cfd3324b927d18d8ad56d5004ea09b2da5610e" score = 75 quality = 79 
@@ -298973,8 +299421,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_Win_C3_1 : FILE date = "2021-05-11" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/05/shining-a-light-on-darkside-ransomware-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_darkside.yar#L58-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_darkside.yar#L58-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7cdac4b82a7573ae825e5edb48f80be5" logic_hash = "369c54b9426edb449004466d30e1010ecefe8cfbea106306eb8eb90b27610dbf" score = 75 @@ -299003,8 +299451,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Revil_Oct20_1 : FILE date = "2020-10-13" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_revil.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_revil.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "756e49362c01abbca3208967630f09ed957e5c51956e0e5210b0167590582a82" score = 75 quality = 85 
@@ -299033,8 +299481,8 @@ rule SIGNATURE_BASE_NK_Miner_Malware_Jan18_1 : FILE date = "2018-01-09" modified = "2023-12-05" reference = "https://goo.gl/PChE1z" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_nkminer.yar#L11-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_nkminer.yar#L11-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eb75fe7d70b547a4774b74c01e11479949dfccb8645af330f87b51daaf0d8dbf" score = 75 quality = 85 @@ -299071,8 +299519,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Unit78020_Sep15 : FILE modified = "2023-01-31" old_rule_name = "Unit78020_Malware_Gen1" reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unit78020_malware.yar#L8-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unit78020_malware.yar#L8-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "85244d4e2b9e03fa4ab8268ffbedffb839bca598b1e863d3d0b3914294d3ddf0" score = 80 quality = 83 
@@ -299119,8 +299567,8 @@ rule SIGNATURE_BASE_Unit78020_Malware_1 : FILE date = "2015-09-24" modified = "2023-12-05" reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unit78020_malware.yar#L60-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unit78020_malware.yar#L60-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a93d01f1cc2d18ced2f3b2b78319aadc112f611ab8911ae9e55e13557c1c791a" logic_hash = "589dfb39630fd396b1f8c5d9d0ecccfc058edfd8e74e3bd06d1bfb9f91ad1798" score = 75 @@ -299148,8 +299596,8 @@ rule SIGNATURE_BASE_Unit78020_Malware_Gen2 : FILE date = "2015-09-24" modified = "2023-12-05" reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unit78020_malware.yar#L80-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unit78020_malware.yar#L80-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fd3cb904499a985830543174126761a3cdcff134d61b93b1105a489c00bd042f" score = 75 quality = 85 
@@ -299180,8 +299628,8 @@ rule SIGNATURE_BASE_Unit78020_Malware_Gen3 : FILE date = "2015-09-24" modified = "2023-12-05" reference = "http://threatconnect.com/camerashy/?utm_campaign=CameraShy" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unit78020_malware.yar#L103-L132" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unit78020_malware.yar#L103-L132" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "304b3f429e144f1f4b0f7794e77f3059ec6b3e5c6fdf4c7b820a77db1cf8cfcb" score = 75 quality = 85 @@ -299218,8 +299666,8 @@ rule SIGNATURE_BASE_Tempracer : FILE date = "2016-03-30" modified = "2023-12-05" reference = "http://www.darknet.org.uk/2016/03/tempracer-windows-privilege-escalation-tool/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_tempracer.yar#L10-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_tempracer.yar#L10-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e17d80c4822d16371d75e1440b6ac44af490b71fbee1010a3e8a5eca94d22bb3" logic_hash = "37355456e13ea9fa6429b68970e0450f4ddbd8da81c070a0383b1e048a05e35a" score = 75 
@@ -299246,8 +299694,8 @@ rule SIGNATURE_BASE_Typical_Malware_String_Transforms : FILE date = "2016-07-31" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_transformed_strings.yar#L10-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_transformed_strings.yar#L10-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1d3813e0d20b82ceda56d03589bb944f747dfe931396ed514fb6b36f72f98c26" score = 60 quality = 83 @@ -299291,8 +299739,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_Royalcli : FILE date = "2018-03-10" modified = "2023-12-05" reference = "https://goo.gl/HZ5XMN" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L13-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L13-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "27fb5e8ff299201d1d13f4a45c401570f76ddfa4c3c1153eff50187170ada06e" score = 75 quality = 85 
@@ -299322,8 +299770,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_Royaldns : FILE date = "2018-03-10" modified = "2023-12-05" reference = "https://goo.gl/HZ5XMN" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L34-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L34-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5d42f48d7d816c0b0ea05145e9dd43b1b2589f3131bf286e1b39c0efaf1c6fac" score = 75 quality = 85 @@ -299353,8 +299801,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_BS2005 : FILE date = "2018-03-10" modified = "2023-12-05" reference = "https://goo.gl/HZ5XMN" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L61-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L61-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "306903da4ecc9f5bf670d8c49039dee0ce5500c185acaef74786a2c109a4734b" score = 75 quality = 85 
@@ -299385,8 +299833,8 @@ rule SIGNATURE_BASE_APT15_Malware_Mar18_Msexchangetool : FILE date = "2018-03-10" modified = "2023-12-05" reference = "https://goo.gl/HZ5XMN" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L89-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L89-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4e9e29bc69383ab6248241622394afddde6e18032ed6e2b64575362773f25a94" score = 75 quality = 85 @@ -299413,8 +299861,8 @@ rule SIGNATURE_BASE_Clean_Apt15_Patchedcmd : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L118-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L118-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "90d1f65cfa51da07e040e066d4409dc8a48c1ab451542c894a623bc75c14bf8f" logic_hash = "08a68e14793d2f44ee75e49a43521c7d8bc1fc5ddd005e1fb71cc844966e16ba" score = 75 
@@ -299439,8 +299887,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royalcli_1 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L133-L152" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L133-L152" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6df9b712ff56009810c4000a0ad47e41b7a6183b69416251e060b5c80cd05785" logic_hash = "3cc0cd81db58e20fbf31fbd9fe65d113b7160e7d2b6739c01987d9e317099b9b" score = 75 @@ -299471,8 +299919,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royalcli_2 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L154-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L154-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c57ae92ba84355652cd56c8eaad3f277a8f514f8d078f053f3e8208b8bec535f" score = 75 quality = 85 
@@ -299497,8 +299945,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royaldll date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L196-L243" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L196-L243" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d" logic_hash = "2ed0d38993a072da189f02233bd7cc0bf1be02e926f687db224f52de9b3a44fc" score = 75 @@ -299528,8 +299976,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Royaldll_2 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L245-L261" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L245-L261" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bc937f6e958b339f6925023bc2af375d669084e9551fd3753e501ef26e36b39d" logic_hash = "94e2b61ff19b1377f461203cb22c607e718683691e54a3de3ed32bf6ed2897fa" score = 75 
@@ -299555,8 +300003,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Exchange_Tool : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L263-L283" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L263-L283" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d21a7e349e796064ce10f2f6ede31c71" logic_hash = "e7b5ac97f3dcf125e64001be53aca73ee19c1be8b192a762f231106c47f76867" score = 75 @@ -299588,8 +300036,8 @@ rule SIGNATURE_BASE_Malware_Apt15_Generic date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt15.yar#L285-L307" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt15.yar#L285-L307" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e939a5ab4a4b2b289d5809e18dd57dd85e3da19a176719adba4707dfd605fc81" score = 75 quality = 85 
@@ -299612,8 +300060,8 @@ rule SIGNATURE_BASE_MAL_JS_Efile_Apr23_1 date = "2023-04-06" modified = "2023-12-05" reference = "https://twitter.com/Ax_Sharma/status/1643178696084271104/photo/1" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_efile_apr23.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_efile_apr23.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6d94162e5719b92d9df349e7d48cd70e218998b0e120870a435a8073fa49c532" score = 75 quality = 85 @@ -299635,8 +300083,8 @@ rule SIGNATURE_BASE_MAL_PHP_Efile_Apr23_1 date = "2023-04-06" modified = "2023-12-05" reference = "https://twitter.com/malwrhunterteam/status/1642988428080865281?s=12&t=C0_T_re0wRP_NfKa27Xw9w" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_efile_apr23.yar#L18-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_efile_apr23.yar#L18-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ec4ac3f5c19f506a70eacb5fe3173cc06bf20567bbc9a96f3b269910382e5fa2" score = 75 quality = 85 
@@ -299659,8 +300107,8 @@ rule SIGNATURE_BASE_Beacon_K5Om : FILE date = "2017-06-07" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2017/06/phished-at-the-request-of-counsel.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt19.yar#L10-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt19.yar#L10-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4b1ec0fc6c0ad4e76c526f7568153bca62f9bffdd38a3b1eaa51a37a1dcab226" score = 75 quality = 85 @@ -299689,8 +300137,8 @@ rule SIGNATURE_BASE_FE_LEGALSTRIKE_MACRO date = "2017-06-02" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt19.yar#L34-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt19.yar#L34-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b38edeedcc02168d3ba7e82c3f5c6963ffc8ce1688eeb424ce686484f3687512" score = 75 quality = 85 
@@ -299715,8 +300163,8 @@ rule SIGNATURE_BASE_FE_LEGALSTRIKE_RTF : FILE date = "2017-06-02" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt19.yar#L52-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt19.yar#L52-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "af811694076f7d53ee76713538839c4ec82c591518d59d5988dcb893bfd32ffe" score = 75 quality = 85 @@ -299744,8 +300192,8 @@ rule SIGNATURE_BASE_WEBSHELL_JAVA_Versamem_JAR_Aug24_1 : FILE date = "2024-08-27" modified = "2024-08-29" reference = "https://x.com/ryanaraine/status/1828440883315999117" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_volttyphoon_versamem.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_volttyphoon_versamem.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d21558eb6c8e700b8a4cb86fdaa5487179828152af68828e878397859d6d3952" score = 75 quality = 85 
@@ -299774,8 +300222,8 @@ rule SIGNATURE_BASE_WEBSHELL_JAVA_Versamem_JAR_Aug24_2 : FILE date = "2024-08-29" modified = "2024-12-12" reference = "https://x.com/craiu/status/1828687700884336990" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_volttyphoon_versamem.yar#L27-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_volttyphoon_versamem.yar#L27-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0bdf3bf5130c51c1355f179704933ca473a702595c580642035c8d3b9aad5725" score = 75 quality = 60 @@ -299798,8 +300246,8 @@ rule SIGNATURE_BASE_SUSP_RAR_Ntdsdit : FILE date = "2019-12-16" modified = "2022-11-15" reference = "https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rar_exfil.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rar_exfil.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "12e527b040e02f573f2a6e0fac4ff99ec441bf189c9bb7e1f763619c079a5bfa" score = 70 quality = 85 
@@ -299823,8 +300271,8 @@ rule SIGNATURE_BASE_Oilrig_Rgdoor_Gen1 : FILE date = "2018-01-27" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-oilrig-uses-rgdoor-iis-backdoor-targets-middle-east/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig_rgdoor.yar#L13-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig_rgdoor.yar#L13-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "896900f788337327d444495ba0cd4c7c327bb4f9166bc2a981a348cf2c34cbdb" score = 80 quality = 85 @@ -299854,8 +300302,8 @@ rule SIGNATURE_BASE_Remsec_Executable_Blob_32 date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_strider.yara#L8-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_strider.yara#L8-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1cfc43ab15b3d220a636c150315c30f5654e53fad67d20534ce4d5c00295e35e" score = 80 quality = 85 
@@ -299876,8 +300324,8 @@ rule SIGNATURE_BASE_Remsec_Executable_Blob_64 date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_strider.yara#L22-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_strider.yara#L22-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "957e5b6afabec3fb1b169dd85d0e950107e219f7dec8ef779a18bd90d9824a97" score = 80 quality = 85 @@ -299898,8 +300346,8 @@ rule SIGNATURE_BASE_Remsec_Executable_Blob_Parser date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_strider.yara#L36-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_strider.yara#L36-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2f6db962807c07ff1bbe8b53eeb386d7b0ac88f95b76439c0d8b65d597739bdd" score = 80 quality = 85 
@@ -299920,8 +300368,8 @@ rule SIGNATURE_BASE_Remsec_Encrypted_Api date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_strider.yara#L50-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_strider.yara#L50-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4f10c24a8480c17c2939fe3fecba2820b22f8a47bc2b2e73ac1080a355025d7c" score = 80 quality = 85 @@ -299942,8 +300390,8 @@ rule SIGNATURE_BASE_Remsec_Packer_A date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_strider.yara#L64-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_strider.yara#L64-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b46a41686fbf1c63e8a8b583859f23bf789bc9f11ee6b1fb01bb08e602772e76" score = 80 quality = 85 
@@ -299964,8 +300412,8 @@ rule SIGNATURE_BASE_Remsec_Packer_B date = "2016-08-08" modified = "2023-12-05" reference = "http://www.symantec.com/connect/blogs/strider-cyberespionage-group-turns-eye-sauron-targets" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_strider.yara#L78-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_strider.yara#L78-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9c63b5934d60b59a33364ef56c913220e59b9798a682a7f97e6755270adf4e4b" score = 80 quality = 85 @@ -299986,8 +300434,8 @@ rule SIGNATURE_BASE_SUSP_Email_Redirection_Spoofing_Feb25 date = "2025-02-20" modified = "2025-03-20" reference = "https://any.run/cybersecurity-blog/cyber-attacks-january-2025/#fake-youtube-links-redirect-users-to-phishing-pages-11298" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/susp_email_redirection_spoofing.yar#L1-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/susp_email_redirection_spoofing.yar#L1-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9b196220b369c199a7e4d57cb5db18b32eb2565a6f9190929c5c01ac4fa04ac8" hash = "c4eb35c1a1c10226bff9bb0c88ca516441208d193b4994eeb292a66e53a2cc04" hash = "e3b8ea03a472348814c6ac81088234836e627a1878ec36e46ce62526e1390935" 
@@ -300013,8 +300461,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L12-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L12-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4df04daf70da482877874c530a3ad76fddebec2946931b60f98aa6c4e31f21ae" score = 85 quality = 85 @@ -300037,8 +300485,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V2 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L28-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L28-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c9bdf38303fadee3e2cfc99b70942a92ab382817a28401e8c8ab8035384c97c1" score = 85 quality = 85 
@@ -300062,8 +300510,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V3 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L45-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L45-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e418620b45bc11804eae24db3cba8421758c214fc9f660a17761bbf3395ad744" score = 85 quality = 85 @@ -300084,8 +300532,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V4 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L60-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L60-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eb8e4ed38e2e4d3991543c526c7dc458eec78c517d2c5eaa06a3a3cfb48d770f" score = 85 quality = 85 
@@ -300107,8 +300555,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V5 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L75-L91" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L75-L91" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e9660dfe76bfe1eb17b434f2ddef4975495e952396212c41550d932dbb8e8205" score = 85 quality = 85 @@ -300132,8 +300580,8 @@ rule SIGNATURE_BASE_IMPLANT_1_V7 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L112-L124" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L112-L124" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ff8443460e1818fd63e4dcf678bb592940b32978a70ab1633ebaa61c590d3916" score = 85 quality = 85 
@@ -300154,8 +300602,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L126-L138" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L126-L138" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6708239ea43fd36a7c9431cd2c6c185c0d406d65c4a31374c5e96bdc3e53de43" score = 85 quality = 85 @@ -300176,8 +300624,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V3 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L140-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L140-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ebfedcec6f22d802a9980ad533f21e90b77fe929a813850be1b25304d3973c3b" score = 85 quality = 85 
@@ -300201,8 +300649,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V5 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L157-L171" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L157-L171" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b0929b808f62e3c59c0afbe959ebf67a3a985e0a0a72bcb112c9693a98351555" score = 85 quality = 85 @@ -300225,8 +300673,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V6 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L173-L186" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L173-L186" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "93ce725a8af03d6f08eafe99ff3984e03a434b1f0071c6dbe560bafc3eefb576" score = 85 quality = 85 
@@ -300248,8 +300696,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V7 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L188-L208" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L188-L208" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dd65443065f044a2956ae51140423dab202effff5f12dd686f6c4fd54d8a4a0b" score = 85 quality = 85 @@ -300278,8 +300726,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V9 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L210-L236" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L210-L236" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5947dbb08c9d0851b7993e5ccf177f97dcb330d4b390833843f69932c921ce7a" score = 85 quality = 85 
@@ -300313,8 +300761,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V10 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L238-L251" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L238-L251" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "62d47c1076b05bc9a531ef6e48f17f730932826b4b0f311887e3b14c639b937d" score = 85 quality = 85 @@ -300336,8 +300784,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V11 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L253-L267" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L253-L267" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "72b9e4de0389df3a14f92660e91749dea4d31905eb7391163c3503bc953d661f" score = 85 quality = 85 
@@ -300360,8 +300808,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V14 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L269-L293" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L269-L293" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4abb1e1c68ced667f04a69c58c89187f9ccc0633c5dc5f396ba8d210bf405f93" score = 85 quality = 85 @@ -300394,8 +300842,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V15 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L295-L310" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L295-L310" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fac61e80803941193c41ecf8b3fcbee21b5cc41542989ecd93542c32e87da983" score = 85 quality = 85 
@@ -300418,8 +300866,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V16 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L312-L329" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L312-L329" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "638cb66e5ff52ac5a1df0954969e7c54a3b25518228e4f8f344aafe6760985d2" score = 85 quality = 85 @@ -300444,8 +300892,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V17 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L331-L347" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L331-L347" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ea2793e6ce9e9d97e70a9452a38eb4d5ddbcc275af6ae7f5d094dc77e112d278" score = 85 quality = 85 
@@ -300470,8 +300918,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V18 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L349-L376" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L349-L376" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d982b3b1407e140f586772ce409e47bd29e567af41e466cd94d0983c93aab917" score = 85 quality = 85 @@ -300506,8 +300954,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V19 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L378-L404" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L378-L404" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "42bee6ddf0b13774efb6712135c3e0b4eae6364120f8973272820f5f669671d1" score = 85 quality = 85 
@@ -300541,8 +300989,8 @@ rule SIGNATURE_BASE_IMPLANT_2_V20 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L406-L423" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L406-L423" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "72c62a764c5c7c19a07957fd6fbfcffd689900cc2759d408d239fe08a3b76b9c" score = 85 quality = 85 @@ -300567,8 +301015,8 @@ rule SIGNATURE_BASE_IMPLANT_3_V1 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L425-L442" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L425-L442" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4c7b6c76bc10784abf96cc71b34ffc9a9de569fd536505528752221d22b26629" score = 85 quality = 85 
@@ -300594,8 +301042,8 @@ rule SIGNATURE_BASE_IMPLANT_3_V2 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L444-L464" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L444-L464" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0a658888dcc7b7f4620f08449c6ec492756750e64f15b048f7cdee7de4fc0479" score = 85 quality = 85 @@ -300623,8 +301071,8 @@ rule SIGNATURE_BASE_IMPLANT_3_V3 : FILE date = "2017-02-10" modified = "2021-03-15" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L466-L485" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L466-L485" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "313f837b90bcf09455427e4411acb5406f4dae9d69373d8d2c0cfc014e27ee96" score = 65 quality = 85 
@@ -300648,8 +301096,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L487-L503" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L487-L503" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "51135d9fe62f5fd1fb7ef6c386dcdd86525dd469064662c2314cfee6e952d6ec" score = 85 quality = 85 @@ -300674,8 +301122,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V2 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L505-L520" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L505-L520" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dd4edd238cdc3d376c1d5bcea6c8df57f4ef03369c0ca22107241812e0a1bb94" score = 85 quality = 85 
@@ -300698,8 +301146,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V3_Alternativerule : HIGHVOL FILE date = "2017-02-12" modified = "2025-07-01" reference = "US CERT Grizzly Steppe Report" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L788-L803" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L788-L803" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "35468f7699b96fcaaaa032eef7dae34ec314e9c652f9f8b2e8ca7343fb5cec50" score = 75 quality = 85 @@ -300724,8 +301172,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V4 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L807-L822" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L807-L822" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "49c912f29f5ffbd90366a510285ef3f06c804af86829808c175c8be519ce01c4" score = 85 quality = 85 
@@ -300749,8 +301197,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V5 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L824-L838" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L824-L838" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9d4233ccf148919d0ad0be726b9dfa9e26a9afcebb7b26fa4db4c3da8c46d13e" score = 85 quality = 85 @@ -300771,8 +301219,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V7 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L859-L881" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L859-L881" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "27ae70d384488660c1f80040503d3eb6541112fd6332edc5820bc6718d76b847" score = 85 quality = 85 
@@ -300803,8 +301251,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V8 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L883-L911" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L883-L911" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dd072702c59822587d7ede0bc59c5672fbaa9a05595940781554fadb32e109f7" score = 85 quality = 85 @@ -300841,8 +301289,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V9 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L913-L933" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L913-L933" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c0e48bf0839965f9bda9cc475aba5b4934c27c426a8fa4423fb24aa9d792e2e4" score = 85 quality = 77 
@@ -300871,8 +301319,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V10 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L935-L966" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L935-L966" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f22fd45eb77ff1a8202f4bd0d0c43787c8184300e96aff021e13371ae7bd5553" score = 85 quality = 81 @@ -300912,8 +301360,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V11 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L968-L985" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L968-L985" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7bdeddc4334ed6557175b5eefc78d69283d6c91f98970bd0cfe6365b3ab477f4" score = 85 quality = 85 
@@ -300938,8 +301386,8 @@ rule SIGNATURE_BASE_IMPLANT_4_V13 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1011-L1032" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1011-L1032" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "576c07c44105d2a38ca715d366f68058b2b3118f25e91d2d3e2d20e932fc9453" score = 85 quality = 85 @@ -300968,8 +301416,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V1 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1034-L1051" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1034-L1051" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d94192d408036bf02052dc5145b78fea61323810b2abdbba64c65e1f6387ea42" score = 85 quality = 85 
@@ -300995,8 +301443,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V2 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1053-L1192" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1053-L1192" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "43e3df19ecd2068636b92c7a5c0399b22f8fa478e3e1562f392e78c5a268a1e5" score = 85 quality = 60 @@ -301144,8 +301592,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V3 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1194-L1207" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1194-L1207" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aec1314858732d30b62a033e85eea50b3375e4f5b0e1818a941979d5be672297" score = 85 quality = 85 
@@ -301167,8 +301615,8 @@ rule SIGNATURE_BASE_IMPLANT_5_V4 date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1209-L1225" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1209-L1225" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "98a08860453496d9629f62c64fed50a24b8378dcfa39b8b654610c2ac9084fa8" score = 85 quality = 85 @@ -301193,8 +301641,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1227-L1243" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1227-L1243" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c60402a029034545df302485c14e9485f806f2bc7d5fd759e84d1ecba9854837" score = 85 quality = 85 
@@ -301217,8 +301665,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V2 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1245-L1258" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1245-L1258" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7e81e8bcc305b9b7166db85d81278c96edf232bf60040ef15a2376f204ca3046" score = 85 quality = 85 @@ -301239,8 +301687,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V3 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1260-L1275" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1260-L1275" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "833a6a3a4ff8ca43d4cf8053bfd1da49df96d9833dd3fe0f3ffbf6ce6c114681" score = 85 quality = 85 
@@ -301263,8 +301711,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V4 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1277-L1291" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1277-L1291" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f5388668e148223bc94680ea84e83b0f2896ccf433523d171c8f46d7069f9a4b" score = 85 quality = 85 @@ -301286,8 +301734,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V5 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1293-L1327" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1293-L1327" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b3ba650818ddbc58ce272ae4851ae3151a8cf1c9cc6f8e234a50b52c95d951fe" score = 85 quality = 85 
@@ -301329,8 +301777,8 @@ rule SIGNATURE_BASE_IMPLANT_6_V6 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1329-L1343" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1329-L1343" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "77b5f95cd897c82c200ee6fa3970824adccfd7c56639d92361095f919781d731" score = 85 quality = 85 @@ -301352,8 +301800,8 @@ rule SIGNATURE_BASE_IMPLANT_7_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1368-L1381" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1368-L1381" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "996f81fe006e0ab15adab46275fdb60251e6c6616da33df600fadfc2684c24af" score = 85 quality = 85 
@@ -301375,8 +301823,8 @@ rule SIGNATURE_BASE_IMPLANT_8_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1383-L1411" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1383-L1411" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "437bda331405f9203747ffbfb107ec26e33973ebfc9f02e153697f7b8c22ad4f" score = 65 quality = 85 @@ -301407,8 +301855,8 @@ rule SIGNATURE_BASE_IMPLANT_9_V1 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1431-L1448" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1431-L1448" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1166ef923d39952f4131a693c58b8bab5dcbe87f6a6b548a706d1fa10a82e22c" score = 85 quality = 85 
@@ -301433,8 +301881,8 @@ rule SIGNATURE_BASE_IMPLANT_10_V2 : FILE date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1469-L1482" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1469-L1482" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dc201d25b1d6cf8f88ae3bee18057902c4d64316aa9debc9248b0d8aa7f6d170" score = 85 quality = 85 @@ -301456,8 +301904,8 @@ rule SIGNATURE_BASE_Unidentified_Malware_Two date = "2017-02-10" modified = "2025-07-01" reference = "https://www.us-cert.gov/ncas/current-activity/2017/02/10/Enhanced-Analysis-GRIZZLY-STEPPE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_grizzlybear_uscert.yar#L1521-L1543" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_grizzlybear_uscert.yar#L1521-L1543" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cd9adfb9e27e4d6b27498cc029e15132343f036cca60210528720a533fe20d9a" score = 85 quality = 85 
@@ -301486,8 +301934,8 @@ rule SIGNATURE_BASE_ATM_Malware_Javadispcash_1 : FILE date = "2019-03-28" modified = "2023-12-05" reference = "https://twitter.com/r3c0nst/status/1111254169623674882" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_atm_javadipcash.yar#L1-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_atm_javadipcash.yar#L1-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9a714571281844cfe7193b7c183b86b797ef5de5d1922eacaf45dad8d41cfc52" score = 75 quality = 85 @@ -301515,8 +301963,8 @@ rule SIGNATURE_BASE_Brooxml_Hunting : HUNTING FILE date = "2024-11-27" modified = "2025-06-02" reference = "https://x.com/threatinsight/status/1861817946508763480" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_brooxml_dec24.yar#L2-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_brooxml_dec24.yar#L2-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8a8d934fe9286c9d1c83a2a0676bb8a5f2501116b96cca32dc27136ecfb9325b" score = 70 quality = 85 
@@ -301545,8 +301993,8 @@ rule SIGNATURE_BASE_Brooxml_Phishing : PHISHING FILE date = "2024-11-27" modified = "2025-06-02" reference = "https://x.com/threatinsight/status/1861817946508763480" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_brooxml_dec24.yar#L41-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_brooxml_dec24.yar#L41-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "884e0b65c6c8b916ca9bc28705134ae02d1705c13cf43bff78f0c9ada894b307" score = 65 quality = 85 @@ -301568,8 +302016,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poisonivy.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poisonivy.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b874b76ff7b281c8baa80e4a71fc9be514093c70" logic_hash = "938df757d1f5ee1028d61dbc2ab76a33c788a44f87cb0d84626420e20bfb5fa4" score = 70 
@@ -301597,8 +302045,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT_2 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poisonivy.yar#L24-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poisonivy.yar#L24-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "333f956bf3d5fc9b32183e8939d135bc0fcc5770" logic_hash = "58d62278d776c9f7c3ae0815aa4b248f85c5fc648405b8d1ba2b8eb2847e1e88" score = 70 @@ -301641,8 +302089,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT_3 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poisonivy.yar#L60-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poisonivy.yar#L60-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "df3e1668ac20edecc12f2c1a873667ea1a6c3d6a" logic_hash = "96f8324dcf85f5baa64178774abf17516a9e023dd6fa38e2bce0fe5159a4f704" score = 70 
@@ -301667,8 +302115,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_APT_4 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poisonivy.yar#L79-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poisonivy.yar#L79-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "558f0f0b728b6da537e2666fbf32f3c9c7bd4c0c" logic_hash = "7ba10269d31e985dff582ae4103ef1179172ae475e078161864f185380bb5035" score = 70 @@ -301699,8 +302147,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_5 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poisonivy.yar#L103-L123" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poisonivy.yar#L103-L123" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "545e261b3b00d116a1d69201ece8ca78d9704eb2" logic_hash = "3f88b673b80b67a110915285a87ead265ad0176ea414426ba55e780e3aa396fe" score = 70 
@@ -301729,8 +302177,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_6 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poisonivy.yar#L126-L164" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poisonivy.yar#L126-L164" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0d77fd224b8d2dfd506faf0d3e359bf04172cc2854dc737e05c4bf99d0e1f3f7" score = 70 quality = 85 @@ -301773,8 +302221,8 @@ rule SIGNATURE_BASE_Poisonivy_Sample_7 : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poisonivy.yar#L166-L185" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poisonivy.yar#L166-L185" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9480cf544beeeb63ffd07442233eb5c5f0cf03b3" logic_hash = "28db3fb7fa5b5e60ad1d1cc2b6d3d9d30a1948491105439201574ca354eb8bd1" score = 70 
@@ -301802,8 +302250,8 @@ rule SIGNATURE_BASE_Poisonivy_RAT_Ssmuidll : FILE date = "2016-04-22" modified = "2023-12-05" reference = "http://goo.gl/WiwtYT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poisonivy.yar#L196-L230" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poisonivy.yar#L196-L230" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d048d88cac40f4fe3affee8d9dad35a7347a5459fbdd56b08a77ece4f6c2ac08" score = 75 quality = 85 @@ -301832,8 +302280,8 @@ rule SIGNATURE_BASE_MAL_Xbash_PY_Sep18 : FILE date = "2018-09-18" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_xbash.yar#L13-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_xbash.yar#L13-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d686c42e6bf440507735f846463f2df5fbf4f7bd5f5656883655a5278a1fc252" score = 75 quality = 85 
@@ -301855,8 +302303,8 @@ rule SIGNATURE_BASE_MAL_Xbash_SH_Sep18 : FILE date = "2018-09-18" modified = "2023-01-06" reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_xbash.yar#L27-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_xbash.yar#L27-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b48cbd64002025d861e2fd381be5a68efd7f6fc5fd239850c940f887e2b01673" score = 75 quality = 85 @@ -301886,8 +302334,8 @@ rule SIGNATURE_BASE_MAL_Xbash_JS_Sep18 : FILE date = "2018-09-18" modified = "2023-01-06" reference = "https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_xbash.yar#L50-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_xbash.yar#L50-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cf2f9006e0ab07f6ff1a0ce4946af34468f7c74143c853c5d77c6db725bb590a" score = 75 quality = 85 
@@ -301913,8 +302361,8 @@ rule SIGNATURE_BASE_MAL_Floxif_Generic : FILE date = "2018-05-11" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_floxif_flystudio.yar#L3-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_floxif_flystudio.yar#L3-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1996f717100d9f1abc2ed3f1e9d0c55daec09654c0f99987ddaea9e9f0d17008" score = 80 quality = 85 @@ -301935,8 +302383,8 @@ rule SIGNATURE_BASE_MAL_CN_Flystudio_May18_1 : FILE date = "2018-05-11" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_floxif_flystudio.yar#L21-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_floxif_flystudio.yar#L21-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8d03f02a270d8664175b65398c01ec4f0ea182437b31847f9bf4181edb0c36bb" score = 75 quality = 85 
@@ -301960,8 +302408,8 @@ rule SIGNATURE_BASE_EXPL_LOG_CVE_2021_27065_Exchange_Forensic_Artefacts_Mar21_1 date = "2021-03-02" modified = "2023-12-05" reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hafnium_log_sigs.yar#L2-L13" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hafnium_log_sigs.yar#L2-L13" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9306cf177928266ea921461e9da80ad5bb37e1e0848559898a414956cfbc2b49" score = 75 quality = 85 @@ -301982,11 +302430,11 @@ rule SIGNATURE_BASE_EXPL_LOG_CVE_2021_26858_Exchange_Forensic_Artefacts_Mar21_1 date = "2021-03-02" modified = "2021-03-04" reference = "https://www.volexity.com/blog/2021/03/02/active-exploitation-of-microsoft-exchange-zero-day-vulnerabilities/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hafnium_log_sigs.yar#L15-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hafnium_log_sigs.yar#L15-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0a8296b7e990e52330412288e9ff71e08a5258fc63c4754e6d0e6d64302f55e6" score = 65 - quality = 60 + quality = 85 tags = "LOG, CVE-2021-26858" strings: 
@@ -302004,8 +302452,8 @@ rule SIGNATURE_BASE_LOG_Exchange_Forensic_Artefacts_Cleanup_Activity_Mar21_1 : L date = "2021-03-08" modified = "2023-12-05" reference = "https://twitter.com/jdferrell3/status/1368626281970024448" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hafnium_log_sigs.yar#L48-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hafnium_log_sigs.yar#L48-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "12e5b76dafcae13f1eb21913ae0bde233152fd8b9d29f073893418ac9f742de3" score = 70 quality = 85 @@ -302030,11 +302478,11 @@ rule SIGNATURE_BASE_EXPL_LOG_CVE_2021_27055_Exchange_Forensic_Artefacts : LOG date = "2021-03-10" modified = "2021-03-15" reference = "https://www.praetorian.com/blog/reproducing-proxylogon-exploit/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hafnium_log_sigs.yar#L67-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hafnium_log_sigs.yar#L67-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "131ff0ce189dfeace0922000b0d15dfb5a1270bee8fba8e4d66aa75b1d3f864f" score = 65 - quality = 35 + quality = 60 tags = "LOG" strings: 
@@ -302059,11 +302507,11 @@ rule SIGNATURE_BASE_LOG_CVE_2021_27065_Exchange_Forensic_Artefacts_Mar21_2 : LOG date = "2021-03-10" modified = "2023-12-05" reference = "https://www.praetorian.com/blog/reproducing-proxylogon-exploit/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hafnium_log_sigs.yar#L92-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hafnium_log_sigs.yar#L92-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "13e2e46689bc0e87c3cf13dc2ce213c384afe6c03c21e62a467974a0518c12da" score = 65 - quality = 60 + quality = 85 tags = "LOG" strings: @@ -302082,8 +302530,8 @@ rule SIGNATURE_BASE_EXPL_Exchange_Proxynotshell_Patterns_CVE_2022_41040_Oct22_1 modified = "2023-03-15" old_rule_name = "EXPL_Exchange_ProxyNoShell_Patterns_CVE_2022_41040_Oct22_1" reference = "https://github.com/kljunowsky/CVE-2022-41040-POC" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cve_2022_41040_proxynoshell.yar#L2-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cve_2022_41040_proxynoshell.yar#L2-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "81b0f0fea2762beb47826ff95545c87e960e098b9d5f45eacfe07b3ecf319ac5" score = 75 quality = 85 
@@ -302110,8 +302558,8 @@ rule SIGNATURE_BASE_Gifcloaked_Webshell_A : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/yara_mixed_ext_vars.yar#L180-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/yara_mixed_ext_vars.yar#L180-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f1c95b13a71ca3629a0bb79601fcacf57cdfcf768806a71b26f2448f8c1d5d24" logic_hash = "0c4570373d50c40745cd0523dcf8c34ee3cae1c298982b3a39d4a33e054aa779" score = 60 @@ -302141,8 +302589,8 @@ rule SIGNATURE_BASE_APT_Lazarus_Aug18_Downloader_1 : FILE date = "2018-08-24" modified = "2023-12-05" reference = "https://securelist.com/operation-applejeus/87553/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_applejeus.yar#L13-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_applejeus.yar#L13-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f6bdaa8aa76da3e679094ae9759a67b5db33d0445f7204ff13e400fa6db60386" score = 75 quality = 85 
@@ -302174,8 +302622,8 @@ rule SIGNATURE_BASE_APT_Lazarus_Aug18_1 : FILE date = "2018-08-24" modified = "2023-12-05" reference = "https://securelist.com/operation-applejeus/87553/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_applejeus.yar#L39-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_applejeus.yar#L39-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "efd43e2d84ba964e7fc7e6c03eaba3dd5181c9cbe51b4a06a7a723dca95fab17" score = 75 quality = 85 @@ -302203,8 +302651,8 @@ rule SIGNATURE_BASE_APT_Lazarus_Aug18_2 : FILE date = "2018-08-24" modified = "2023-12-05" reference = "https://securelist.com/operation-applejeus/87553/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_applejeus.yar#L62-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_applejeus.yar#L62-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "75d52ad829383392d9eb20a8308278d073d16f7624e60010356534bdc6acc81f" score = 75 quality = 85 
@@ -302232,8 +302680,8 @@ rule SIGNATURE_BASE_APT_Fallchill_RC4_Keys : FILE date = "2018-08-21" modified = "2023-12-05" reference = "https://securelist.com/operation-applejeus/87553/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_applejeus.yar#L84-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_applejeus.yar#L84-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "59861618dba256996d7bbcd94a6efccdb64589fc75086bfe7d980fa51761ef97" score = 75 quality = 85 @@ -302258,8 +302706,8 @@ rule SIGNATURE_BASE_Dexter_Malware date = "2015-02-10" modified = "2023-12-05" reference = "http://goo.gl/oBvy8b" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_dexter_trojan.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_dexter_trojan.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3b05bccce63c1f7e8d6d3f654b611f33da5fc1dbcbd28ff28f817d00bf961e64" score = 70 quality = 60 
@@ -302284,8 +302732,8 @@ rule SIGNATURE_BASE_BTC_Miner_Lsass1_Chrome_2 : FILE date = "2017-06-22" modified = "2023-12-05" reference = "Internal Research - CN Actor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_cn_group_btc.yar#L10-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_cn_group_btc.yar#L10-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ef80dba71c901d6e821b2e08a701a82f8147e41a8f14c5fd324d5e043b0ff322" score = 60 quality = 85 @@ -302311,8 +302759,8 @@ rule SIGNATURE_BASE_CN_Actor_RA_Tool_Ammyy_Mscorsvw : FILE date = "2017-06-22" modified = "2023-12-05" reference = "Internal Research - CN Actor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_cn_group_btc.yar#L29-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_cn_group_btc.yar#L29-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c4b64b3aa63d80fa1a73b021bf49539af5888f53090555555c1f3fd7fbb90230" score = 75 quality = 85 
@@ -302338,8 +302786,8 @@ rule SIGNATURE_BASE_CN_Actor_Ammyyadmin : FILE date = "2017-06-22" modified = "2023-12-05" reference = "Internal Research - CN Actor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_cn_group_btc.yar#L47-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_cn_group_btc.yar#L47-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b628c7e6debdd2b21a321dc2ec5838fd56107f4cac21bda8b9faa1c1d5b23b71" score = 60 quality = 85 @@ -302362,8 +302810,8 @@ rule SIGNATURE_BASE_Gazer_Certificate_1 : FILE date = "2017-08-30" modified = "2023-12-05" reference = "https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla_gazer.yar#L27-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla_gazer.yar#L27-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ef248ac5cdde0034d940f80b32966fe64841dcf99923dfc0a7035354af963f56" score = 75 quality = 85 
@@ -302385,8 +302833,8 @@ rule SIGNATURE_BASE_Gazer_Logfile_Name_1 : FILE date = "2017-08-30" modified = "2023-12-05" reference = "https://www.welivesecurity.com/2017/08/30/eset-research-cyberespionage-gazer/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turla_gazer.yar#L41-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turla_gazer.yar#L41-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c893ec41884f106329350c079b087e41a5b9f1040ab0892c90c03972d49dc070" score = 75 quality = 85 @@ -302409,8 +302857,8 @@ rule SIGNATURE_BASE_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4fe1a1b09344cd84f981b193b480d23807893b59ad781868d82089a7306c042f" score = 85 quality = 85 
@@ -302434,8 +302882,8 @@ rule SIGNATURE_BASE_SUSP_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23 date = "2023-04-20" modified = "2023-04-21" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L19-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L19-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ccb482a7634dc24fde03b5730bf28a9e028f8d5a9ad46ba9663d1b520264d8f4" score = 75 quality = 85 @@ -302459,8 +302907,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_1 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L37-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L37-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "439a201e6a44a00a31fd13efc83a1acf858a52201e3ab48d5cf095bae1e48cf7" score = 75 quality = 85 
@@ -302487,8 +302935,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_2 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L57-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L57-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "62f74faa8f136f4dc63a4b703cffcb97b438cc4f180d5d127d1fc4b86d3cd1d1" score = 75 quality = 85 @@ -302516,8 +302964,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_3 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L78-L96" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L78-L96" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c6441c961dcad0fe127514a918eaabd4" logic_hash = "2109340edfb1891baef5bd92ba3c9da77f891341de9e8094060a649de62fade2" score = 75 
@@ -302544,8 +302992,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_4 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L98-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L98-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2a875c39a43ff054ed5a6cf2fa1f17c2adc189452582763db8ceddfa652abfbf" score = 75 quality = 85 @@ -302574,8 +303022,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_5 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L120-L143" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L120-L143" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5d43b8198ad224bee8d290dd7031d73f76a7d957a2e3b44d89e7aaf5f2c94c65" score = 75 quality = 85 
@@ -302607,8 +303055,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_M_Hunting_VEILEDSIGNAL_6 : FILE date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L145-L164" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L145-L164" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d3b1e5f7a6b73fc4cdc5abe19a412130cde33c2d52c0ad78256b865e018e3794" score = 75 quality = 85 @@ -302637,8 +303085,8 @@ rule SIGNATURE_BASE_SUSP_NK_MAL_M_Hunting_POOLRAT modified = "2023-12-05" old_rule_name = "APT_NK_MAL_M_Hunting_POOLRAT" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L166-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L166-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ac8db844a9c4ed961930417809afb706ea948c4509a4be1eaeed77f09c86069d" score = 70 quality = 83 
@@ -302665,8 +303113,8 @@ rule SIGNATURE_BASE_APT_NK_Tradingtech_Forensicartifacts_Apr23_1 : FILE date = "2023-04-20" modified = "2023-04-21" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L204-L225" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L204-L225" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "50329427e56b70335a12f0dde87a36ac95838377482eebab334d252332fe481b" score = 60 quality = 85 @@ -302693,8 +303141,8 @@ rule SIGNATURE_BASE_SUSP_TH_APT_UNC4736_Tradingtech_Cert_Apr23_1 date = "2023-04-20" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_tradingtech_apr23.yar#L227-L242" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_tradingtech_apr23.yar#L227-L242" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "47941828b3c18ed39eddacbc73e147651a9bd48e1a0f7b9847ff1d4c6fea6afd" score = 65 quality = 85 
@@ -302717,8 +303165,8 @@ rule SIGNATURE_BASE_Revengerat_Sep17 : FILE date = "2017-09-04" modified = "2020-07-27" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_revenge_rat.yar#L11-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_revenge_rat.yar#L11-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "467133402d6898f325cfd8c18308fc2a4dafd06c8624f9347225f16afd4035ce" score = 75 quality = 85 @@ -302749,8 +303197,8 @@ rule SIGNATURE_BASE_HKTL_Redmimicry_Agent date = "2020-06-22" modified = "2023-01-06" reference = "https://redmimicry.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_redmimicry.yar#L2-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_redmimicry.yar#L2-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "645da2764ca911c4aae80b90622d2c61933dee929403858fc49f7bc0d44300c6" score = 75 quality = 85 
@@ -302781,8 +303229,8 @@ rule SIGNATURE_BASE_HKTL_Redmimicry_Winntiloader date = "2020-06-22" modified = "2023-01-10" reference = "https://redmimicry.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_redmimicry.yar#L28-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_redmimicry.yar#L28-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d8ef457ac41a7c45cc7e97330bdd3de12eb3391c03d0a6a87ddc669c841c325d" score = 75 quality = 85 @@ -302806,8 +303254,8 @@ rule SIGNATURE_BASE_SUSP_MAL_EXFIL_Stealer_Output_Characteristics_Sep22_1 : FILE date = "2022-09-17" modified = "2023-12-05" reference = "https://twitter.com/cglyer/status/1570965878480719873" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_stealer_exfil_zip.yar#L2-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_stealer_exfil_zip.yar#L2-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "197bb4b837cdd635f9340547b10a90c3a2a17f0113076c5ccbc0a91b7ae18eeb" score = 70 quality = 85 
@@ -302841,8 +303289,8 @@ rule SIGNATURE_BASE_Slingshot_APT_Spork_Downloader : FILE date = "2018-03-09" modified = "2023-12-05" reference = "https://securelist.com/apt-slingshot/84312/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_slingshot.yar#L11-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_slingshot.yar#L11-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5dac11c595d838cb6b5f1e548307ea79d119c890c54e954453cf1a264e1d14ed" score = 75 quality = 85 @@ -302865,8 +303313,8 @@ rule SIGNATURE_BASE_Slingshot_APT_Minisling : FILE date = "2018-03-09" modified = "2023-12-05" reference = "https://securelist.com/apt-slingshot/84312/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_slingshot.yar#L26-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_slingshot.yar#L26-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7d370271fea6c607c051eb49681600b4f59878c2fd2d43d71194bddda78d7b09" score = 75 quality = 85 
@@ -302888,8 +303336,8 @@ rule SIGNATURE_BASE_Slingshot_APT_Ring0_Loader : FILE date = "2018-03-09" modified = "2023-12-05" reference = "https://securelist.com/apt-slingshot/84312/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_slingshot.yar#L40-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_slingshot.yar#L40-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c231158e44de01585e9fb4bd9768b388016972e2026e049070cdc6cd35362609" score = 75 quality = 85 @@ -302918,8 +303366,8 @@ rule SIGNATURE_BASE_Slingshot_APT_Malware_1 : FILE date = "2018-03-09" modified = "2023-12-05" reference = "https://securelist.com/apt-slingshot/84312/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_slingshot.yar#L60-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_slingshot.yar#L60-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "43cf94058fe3833a4623ecb784eea50e199536d4903fb9457843b7b5e9a244e3" score = 75 quality = 85 
@@ -302944,8 +303392,8 @@ rule SIGNATURE_BASE_Slingshot_APT_Malware_2 : FILE date = "2018-03-09" modified = "2023-12-05" reference = "https://securelist.com/apt-slingshot/84312/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_slingshot.yar#L81-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_slingshot.yar#L81-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d56dadf747c64cb518ddc9aaee38fd50c67fe7344d7569d9ef3169099e7f36c5" score = 75 quality = 85 @@ -302974,8 +303422,8 @@ rule SIGNATURE_BASE_Slingshot_APT_Malware_3 : FILE date = "2018-03-09" modified = "2023-12-05" reference = "https://securelist.com/apt-slingshot/84312/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_slingshot.yar#L102-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_slingshot.yar#L102-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "420c54ce90a13258e0dd54524fe7df4dd97d3e8f1eeaa8ca14350670a87e87c6" score = 75 quality = 85 
@@ -303001,8 +303449,8 @@ rule SIGNATURE_BASE_Slingshot_APT_Malware_4 : FILE date = "2018-03-09" modified = "2023-12-05" reference = "https://securelist.com/apt-slingshot/84312/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_slingshot.yar#L124-L144" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_slingshot.yar#L124-L144" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a9f4b7b4079ebd5ffbee4c82032d28b0015968cb369fae2b0f19b054bf5a1c3c" score = 75 quality = 85 @@ -303029,8 +303477,8 @@ rule SIGNATURE_BASE_EXT_APT_Bitter_Win32K_0Day_Feb21 : FILE date = "2021-01-01" modified = "2023-12-05" reference = "https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bitter.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bitter.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "84a8d0ae14469eb6431e73295d821609c7a8b313630d645085ffd8faff6e5e43" score = 75 quality = 85 
@@ -303057,8 +303505,8 @@ rule SIGNATURE_BASE_SUSP_LNX_SH_Cryptominer_Indicators_Dec20_1 : FILE date = "2020-12-31" modified = "2023-12-05" reference = "https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_crypto_miner.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_crypto_miner.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4acd1b77307dbf23f95f7a2024209bee714c6931182aff16455ea6b7e4a6f287" score = 65 quality = 85 @@ -303083,8 +303531,8 @@ rule SIGNATURE_BASE_PUA_WIN_XMRIG_Cryptocoin_Miner_Dec20 : FILE date = "2020-12-31" modified = "2023-12-05" reference = "https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_crypto_miner.yar#L19-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_crypto_miner.yar#L19-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c39aee669a98bcc9d07821aef248096e45a6c54ab22b8b98c0a393b445f3934e" score = 75 quality = 85 
@@ -303108,8 +303556,8 @@ rule SIGNATURE_BASE_Ce_Enfal_Cmstar_Debug_Msg : FILE date = "2015-05-10" modified = "2023-12-05" reference = "http://goo.gl/JucrP9" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_cmstar.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_cmstar.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9b9cc7e2a2481b0472721e6b87f1eba4faf2d419d1e2c115a91ab7e7e6fc7f7c" logic_hash = "31251b7ce33eb561aeb7405514df83dc1e00fdf184e3deeaa48505407d9567a0" score = 75 @@ -303137,11 +303585,11 @@ rule SIGNATURE_BASE_SUSP_Autocad_Lsp_Malware : FILE date = "2019-02-04" modified = "2023-12-05" reference = "http://cadablog.blogspot.com/2012/06/acadmedrea-malware-autocad-based-virus.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_autocad_lsp_malware.yar#L1-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_autocad_lsp_malware.yar#L1-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4a5fe7016e27431407435541ab71ab00e6fd53418e2ebc19f8764c98728b89a6" score = 65 - quality = 27 + quality = 52 tags = "FILE" hash1 = "1313398e2f39fcf17225c7e915b92bd74292d427163112d70b82f271359b84d5" hash2 = "2382e6908e6b44c0676c537cb8caa239c8938cb01e62a45c7247d40ab7dbf0ad" 
@@ -303188,8 +303636,8 @@ rule SIGNATURE_BASE_MAL_Go_Modbus_Jul24_1 : FILE date = "2024-07-23" modified = "2024-07-24" reference = "https://hub.dragos.com/hubfs/Reports/Dragos-FrostyGoop-ICS-Malware-Intel-Brief-0724_.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_go_modbus.yar#L2-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_go_modbus.yar#L2-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d992c8159deca0ed2b2a33da3c31fdf0efa9a09ba941d059fa7fc1bad458aed1" score = 75 quality = 85 @@ -303216,8 +303664,8 @@ rule SIGNATURE_BASE_Triton_Trilog : FILE date = "2017-12-14" modified = "2023-12-05" reference = "https://goo.gl/vtQoCQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_triton.yar#L70-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_triton.yar#L70-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6406e9e7651978a6817079945dc801afdb6c16dd107527cbfd9a946eca27a51a" score = 75 quality = 85 
@@ -303242,8 +303690,8 @@ rule SIGNATURE_BASE_MAL_Win_Amadey_Jun25 : FILE date = "2025-06-18" modified = "2025-07-24" reference = "https://0x0d4y.blog/amadey-targeted-analysis/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_win_amadey_jun25.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_win_amadey_jun25.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "08dc17aa8f7e83bc349339a9a1b48184b094d8c66273d7199a15b206c6416946" score = 80 quality = 85 @@ -303271,8 +303719,8 @@ rule SIGNATURE_BASE_APT_MAL_SLOTHFULMEDIA_Oct20_1 : FILE date = "2020-10-01" modified = "2023-12-05" reference = "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-275a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_iamtheking.yar#L2-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_iamtheking.yar#L2-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e50bda40eb05767e0903c3d8dd62b4e0290d89740c82c8b7f391d5763dc35156" score = 75 quality = 85 
@@ -303325,8 +303773,8 @@ rule SIGNATURE_BASE_MAL_Wshrat_Dotnet_Packer_Feb21 : FILE date = "2021-03-09" modified = "2023-12-05" reference = "https://yoroi.company/research/threatening-within-budget-how-wsh-rat-is-abused-by-cyber-crooks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_wsh_rat.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_wsh_rat.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "18159b140c314a00111fb9453e60d19c11633628a4fe2ad8299b839165b39424" score = 75 quality = 85 @@ -303352,8 +303800,8 @@ rule SIGNATURE_BASE_APT_MAL_HP_Ilo_Firmware_Dec21_1 : FILE date = "2021-12-28" modified = "2023-12-05" reference = "https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_mal_ilo_board_elf.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_mal_ilo_board_elf.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7e959d07d864a485b8cc7765f9e12869ff34747ab552e26244eb28f510d1051f" score = 80 quality = 85 
@@ -303377,8 +303825,8 @@ rule SIGNATURE_BASE_Keylogger_CN_APT : FILE date = "2016-03-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_keylogger_cn.yar#L8-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_keylogger_cn.yar#L8-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3efb3b5be39489f19d83af869f11a8ef8e9a09c3c7c0ad84da31fc45afcf06e7" logic_hash = "a5330d15ad7199212cec44ade401c224c40a468650abbc7bf282b26a21cdc22b" score = 75 @@ -303414,8 +303862,8 @@ rule SIGNATURE_BASE_EXP_Drivecrypt_1 : FILE date = "2018-08-21" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vul_drivecrypt.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vul_drivecrypt.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1959f2e4838e40f2abc26ee16b03089088c96cafb101125bdc346f69fe76d7a4" score = 75 quality = 85 
@@ -303440,8 +303888,8 @@ rule SIGNATURE_BASE_EXP_Drivecrypt_X64Passldr : FILE date = "2018-08-21" modified = "2023-01-06" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vul_drivecrypt.yar#L19-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vul_drivecrypt.yar#L19-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "573cd96f7f82788a3884cd4b4d91c739a890835c3ed1b3933af48ba5756cc5a6" score = 75 quality = 85 @@ -303469,8 +303917,8 @@ rule SIGNATURE_BASE_VULN_Erlang_OTP_SSH_CVE_2025_32433_Apr25 : CVE_2025_32433 FI date = "2025-04-18" modified = "2025-04-28" reference = "https://www.upwind.io/feed/cve-2025-32433-critical-erlang-otp-ssh-vulnerability-cvss-10" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vuln_erlang_otp_ssh_cve_2025_32433.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vuln_erlang_otp_ssh_cve_2025_32433.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "77d23956bd467a6eb56a91fa7a4bd939873363cd101a9d21b5b298c7b2e6c1ec" score = 60 quality = 85 
@@ -303496,8 +303944,8 @@ rule SIGNATURE_BASE_MAL_APT_Operation_Shadowhammer_Malsetup : FILE date = "2019-03-25" modified = "2023-12-05" reference = "https://securelist.com/operation-shadowhammer/89992/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_shadowhammer.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_shadowhammer.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dea31e401997b0aed1753754fd572a94df308229fccdf15ae6a907dcfd59b50a" score = 80 quality = 85 @@ -303526,8 +303974,8 @@ rule SIGNATURE_BASE_HKTL_Buckeye_Osinfo : FILE date = "2016-09-05" modified = "2025-03-19" reference = "http://www.symantec.com/connect/blogs/buckeye-cyberespionage-group-shifts-gaze-us-hong-kong" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_buckeye.yar#L10-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_buckeye.yar#L10-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "782ae4293db0839190a9533d2c45baff92527867bfcd048ccae82611f165601b" score = 70 quality = 85 
@@ -303555,8 +304003,8 @@ rule SIGNATURE_BASE_HKTL_Remotecmd : FILE date = "2016-09-08" modified = "2022-12-21" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_buckeye.yar#L31-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_buckeye.yar#L31-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "873cc02674e386577e86cb9b702265c25dd24b1f203741e8628e30c191dc99e0" score = 70 quality = 85 @@ -303584,8 +304032,8 @@ rule SIGNATURE_BASE_HKTL_Chromepass : FILE date = "2016-09-08" modified = "2025-03-10" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_buckeye.yar#L53-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_buckeye.yar#L53-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bda90d2718be5cf9ddb95b88171c937c5fad5729aa1717a13a34a8b48dd1865c" score = 75 quality = 85 
@@ -303617,8 +304065,8 @@ rule SIGNATURE_BASE_MAL_Enfal_Nov22 : FILE modified = "2023-01-06" old_rule_name = "Enfal_Malware" reference = "https://malpedia.caad.fkie.fraunhofer.de/details/win.enfal" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_enfal.yar#L1-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_enfal.yar#L1-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bf349ba2b7bd635808b4ee23c6286e7dd403fbc185c6b59f0bb1fbf47ba7d9bb" score = 75 quality = 85 @@ -303646,8 +304094,8 @@ rule SIGNATURE_BASE_Enfal_Malware_Backdoor : FILE date = "2015-02-10" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_enfal.yar#L27-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_enfal.yar#L27-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6ce0c19e666cc0db50194bd56f51beddeee22c787b67810655241fdd4d34a31e" score = 60 quality = 85 
@@ -303681,8 +304129,8 @@ rule SIGNATURE_BASE_VUL_Exchange_CVE_2020_0688 : FILE date = "2020-02-26" modified = "2023-12-05" reference = "https://www.thezdi.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vul_cve_2020_0688.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vul_cve_2020_0688.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "035971028d36c8bbcc6a274817187adfbfefe530ff6808af5a7c0b4667c1bd8b" score = 60 quality = 85 @@ -303704,8 +304152,8 @@ rule SIGNATURE_BASE_Asp_File : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L8-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L8-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ff5b1a9598735440bdbaa768b524c639e22f53c5" logic_hash = "9ec19a994571f4d1b40b6d6af3fb6eb4c5004a6439b99863b50dae0262677263" score = 75 
@@ -303733,8 +304181,8 @@ rule SIGNATURE_BASE_Php_Killnc : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L28-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L28-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c0dee56ee68719d5ec39e773621ffe40b144fda5" logic_hash = "431a9a66f5d0e42856ca5716c2994c018f77cc338300abd71d94ffe7e75da3bf" score = 75 @@ -303761,8 +304209,8 @@ rule SIGNATURE_BASE_Asp_Shell : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L47-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L47-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8bf1ff6f8edd45e3102be5f8a1fe030752f45613" logic_hash = "af9c5cf7125e1210761e720c5f30527ac6345b5029b087807309000a29b67f6e" score = 75 
@@ -303791,8 +304239,8 @@ rule SIGNATURE_BASE_Settings : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L68-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L68-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "588739b9e4ef2dbb0b4cf630b73295d8134cc801" logic_hash = "b02e293e659fa77257d0642c57e51d6ae712d9221ae295cf69bb845f68c650ee" score = 75 @@ -303817,8 +304265,8 @@ rule SIGNATURE_BASE_Asp_Proxy : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L85-L103" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L85-L103" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "51e97040d1737618b1775578a772fa6c5a31afd8" logic_hash = "f53c97a2bf31f411b3220dc741b85d0edf96e9b92474f1abd5ac443be6b92897" score = 75 
@@ -303846,8 +304294,8 @@ rule SIGNATURE_BASE_Cfm_Shell : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L105-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L105-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "885e1783b07c73e7d47d3283be303c9719419b92" logic_hash = "961eb398422e3c528b886c150f11dcb8a6832f0ea48e20ddc381e1f2740bd0c6" score = 75 @@ -303872,8 +304320,8 @@ rule SIGNATURE_BASE_Aspx_Shell : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L122-L138" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L122-L138" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "076aa781a004ecb2bf545357fd36dcbafdd68b1a" logic_hash = "b31c36f53d46e17b6d97e582e46c540928a386e2075b841f5c11b959a0c68462" score = 75 
@@ -303899,8 +304347,8 @@ rule SIGNATURE_BASE_Php_Shell : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L140-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L140-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dc5c03a21267d024ef0f5ab96a34e3f6423dfcd6" logic_hash = "dc798508434686bbcb4fa0bb47381252bfa0491b0987956fd4c5aa13b7f57810" score = 75 @@ -303926,8 +304374,8 @@ rule SIGNATURE_BASE_Php_Reverse_Shell : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L158-L173" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L158-L173" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3ef03bbe3649535a03315dcfc1a1208a09cea49d" logic_hash = "ea8e320abb57e0467db92271f7d36f144f85e04ce15cd9fa8d3f53dfa8d43929" score = 75 
@@ -303952,8 +304400,8 @@ rule SIGNATURE_BASE_Php_Dns : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L175-L191" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L175-L191" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "01d5d16d876c55d77e094ce2b9c237de43b21a16" logic_hash = "650eecc06f215ae6a15078c87d8a8c1597ca9e3d735eacd17b046a9d9deb6aa8" score = 75 @@ -303979,8 +304427,8 @@ rule SIGNATURE_BASE_WEB_INF_Web : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L193-L207" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L193-L207" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0251baed0a16c451f9d67dddce04a45dc26cb4a3" logic_hash = "b58bb63a5268812ed6a5d18c8da96b0fdae33e4802a2fba4964ab69e92517a16" score = 75 
@@ -304004,8 +304452,8 @@ rule SIGNATURE_BASE_Jsp_Cmd : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L209-L226" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L209-L226" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "55e4c3dc00cfab7ac16e7cfb53c11b0c01c16d3d" logic_hash = "ab5b013a385549322bcb2811fa1a2d14b5633e2c41b9486b1e1c50c02437b8e6" score = 75 @@ -304032,8 +304480,8 @@ rule SIGNATURE_BASE_Laudanum : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L228-L242" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L228-L242" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fd498c8b195967db01f68776ff5e36a06c9dfbfe" logic_hash = "53caad87d22b5f13e5b7be8720baa1d436cc57d8062ec5d557df8524a2ccfb68" score = 75 
@@ -304057,8 +304505,8 @@ rule SIGNATURE_BASE_Php_File : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L244-L260" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L244-L260" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7421d33e8007c92c8642a36cba7351c7f95a4335" logic_hash = "85c14a9c8a6aece231b1cb6dcdd7ed39fdc6aced868c34557ee2e2204ce7007b" score = 75 @@ -304084,8 +304532,8 @@ rule SIGNATURE_BASE_Warfiles_Cmd : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L262-L278" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L262-L278" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3ae3d837e7b362de738cf7fad78eded0dccf601f" logic_hash = "64724b24d9f5b5d78e231ea8196abb609237cc430c49f6ceeb99c9684a904568" score = 75 
@@ -304111,8 +304559,8 @@ rule SIGNATURE_BASE_Asp_Dns : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L280-L296" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L280-L296" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5532154dd67800d33dace01103e9b2c4f3d01d51" logic_hash = "808e879238a0c24e975c260fc95c05c91bdc0f73553a241bd00f5bf7e6622639" score = 75 @@ -304138,8 +304586,8 @@ rule SIGNATURE_BASE_Php_Reverse_Shell_2 : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L298-L312" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L298-L312" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "025db3c3473413064f0606d93d155c7eb5049c42" logic_hash = "695dc565c273ed358f7d56526fa4956ba13b216d8897d0707e1660a82b745081" score = 75 
@@ -304163,8 +304611,8 @@ rule SIGNATURE_BASE_Laudanum_Tools_Generic : FILE date = "2015-06-22" modified = "2023-12-05" reference = "http://laudanum.inguardians.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_laudanum_webshells.yar#L314-L345" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_laudanum_webshells.yar#L314-L345" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "52c6d3be4fc91e8a61645886fa89bf78eddad51960702ff2ac83ec01d5d529ef" score = 75 quality = 85 @@ -304205,8 +304653,8 @@ rule SIGNATURE_BASE_Gen_Excel_Xor_Obfuscation_Velvetsweatshop : FILE date = "2020-10-09" modified = "2023-12-05" reference = "https://twitter.com/BouncyHat/status/1308896366782042113" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_excel_xor_obfuscation_velvetsweatshop.yar#L3-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_excel_xor_obfuscation_velvetsweatshop.yar#L3-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c38d56199d34adfc98d8032321239ab20c6eaa8abcafd56f8e1cf24fd3a4094f" score = 75 quality = 85 
@@ -304232,8 +304680,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Sharepoint_Drop_CVE_2025_53770_Jul25 : CVE_202 date = "2025-07-20" modified = "2025-07-25" reference = "https://research.eye.security/sharepoint-under-siege/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sharepoint_jul25.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sharepoint_jul25.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "27c45b8ed7b8a7e5fff473b50c24028bd028a9fe8e25e5cea2bf5e676e531014" hash = "92bb4ddb98eeaf11fc15bb32e71d0a63256a0ed826a03ba293ce3a8bf057a514" hash = "b336f936be13b3d01a8544ea3906193608022b40c28dd8f1f281e361c9b64e93" 
@@ -304259,14 +304707,14 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Compiled_Sharepoint_Drop_CVE_2025_53770_Jul25_ date = "2025-07-20" modified = "2025-07-25" reference = "https://research.eye.security/sharepoint-under-siege/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sharepoint_jul25.yar#L22-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sharepoint_jul25.yar#L22-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8d3d3f3a17d233bc8562765e61f7314ca7a08130ac0fb153ffd091612920b0f2" hash = "d8ca5e5d6400ac34ac4cc138efa89d2ec4d5c0e968a78fa3ba5dbc04c7550649" hash = "7e9b77da1f51d03ee2f96bc976f6aeb781f801cf633862a4b8c356cbb555927d" logic_hash = "df11e5bd293cf094f3a147b54ecaafbe0804d7d575fcc22f38e77ab155c7ebdc" score = 75 - quality = 58 + quality = 83 tags = "CVE-2025-53770, FILE" strings: 
@@ -304290,11 +304738,11 @@ rule SIGNATURE_BASE_APT_EXPL_Sharepoint_CVE_2025_53770_Forensicartefact_Jul25_1 date = "2025-07-20" modified = "2025-07-23" reference = "https://research.eye.security/sharepoint-under-siege/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sharepoint_jul25.yar#L53-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sharepoint_jul25.yar#L53-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cca885bad087d1ed12f00ccad558bb474027f7cce058be76360df31c9499e771" score = 75 - quality = 56 + quality = 81 tags = "CVE-2025-53770" strings: @@ -304315,8 +304763,8 @@ rule SIGNATURE_BASE_APT_EXPL_Sharepoint_CVE_2025_53770_Forensicartefact_Jul25_2 date = "2025-07-20" modified = "2025-07-24" reference = "https://research.eye.security/sharepoint-under-siege/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sharepoint_jul25.yar#L73-L102" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sharepoint_jul25.yar#L73-L102" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "30955794792a7ce045660bb1e1917eef36f1d5865891b8110bf982382b305b27" hash = "b336f936be13b3d01a8544ea3906193608022b40c28dd8f1f281e361c9b64e93" logic_hash = "5ae0620e7e1c1908ad54ac4e41c53240f738631c20577fd65fb29008945347a8" 
@@ -304349,8 +304797,8 @@ rule SIGNATURE_BASE_Apt_Backspace : FILE date = "2015-05-14" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_backspace.yar#L6-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_backspace.yar#L6-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6cbfeb7526de65eb2e3c848acac05da1e885636d17c1c45c62ad37e44cd84f99" logic_hash = "6fa86ada5c965bd9c199c2a1cf9b691499a3d423da7db50c8987b6725c0c0f29" score = 75 @@ -304374,8 +304822,8 @@ rule SIGNATURE_BASE_Shifu_Banking_Trojan : FILE date = "2015-09-01" modified = "2023-12-05" reference = "https://securityintelligence.com/shifu-masterful-new-banking-trojan-is-attacking-14-japanese-banks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_shifu_trojan.yar#L8-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_shifu_trojan.yar#L8-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f65fa80638e6a8bf8c5afb3dbe1262572ca0a7c56507369934ac3d958f3e6267" score = 75 quality = 85 
@@ -304403,8 +304851,8 @@ rule SIGNATURE_BASE_SHIFU_Banking_Trojan : FILE date = "2015-10-31" modified = "2023-12-05" reference = "http://goo.gl/52n8WE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_shifu_trojan.yar#L29-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_shifu_trojan.yar#L29-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "01f5217ee4e81b0b2ff37ccc7eed353ace26aa68538cce5bc207c0c071f0850a" score = 70 quality = 85 @@ -304446,8 +304894,8 @@ rule SIGNATURE_BASE_Coreimpact_Sysdll_Exe date = "2014-12-27" modified = "2023-01-06" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_coreimpact_agent.yar#L6-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_coreimpact_agent.yar#L6-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f89a4d4ae5cca6d69a5256c96111e707" logic_hash = "332b68e797e8ee3e26d797e106ae31e7240585ccb0ea599bebd8ac8f94313eab" score = 70 
@@ -304476,11 +304924,11 @@ rule SIGNATURE_BASE_URL_File_Local_EXE : FILE date = "2017-10-04" modified = "2023-12-05" reference = "https://twitter.com/malwareforme/status/915300883012870144" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_url_to_local_exe.yar#L1-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_url_to_local_exe.yar#L1-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b85b723142f52ade68f6eb8ba54bb7dffafce0df6d1ae8a7c08b3ce621ccadd4" score = 60 - quality = 60 + quality = 85 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" @@ -304500,8 +304948,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Dropper_Gen1 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_threatgroup_3390.yar#L8-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_threatgroup_3390.yar#L8-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "927821e974cff6cd4d15b19bf4d0486abc57725ecdf6f00755dd4f912fbf82d1" score = 70 quality = 85 
@@ -304539,8 +304987,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Sample1 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_threatgroup_3390.yar#L50-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_threatgroup_3390.yar#L50-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "746df577e952e0354342a48fe9f1650e63e3470902e7c5bba36d36fa34ea2bff" score = 80 quality = 85 @@ -304564,8 +305012,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Sample2 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_threatgroup_3390.yar#L67-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_threatgroup_3390.yar#L67-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c7e945131a867bf46a467784d7119c95342733cc723cdeeb76d69c8fdb326749" score = 80 quality = 85 
@@ -304591,8 +305039,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Gen : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_threatgroup_3390.yar#L86-L124" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_threatgroup_3390.yar#L86-L124" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cbc1dec88994427fc5003c9506f5a766531136ee80a16d00d2bf5bd5d7990cb3" score = 90 quality = 85 @@ -304639,8 +305087,8 @@ rule SIGNATURE_BASE_Plugx_Nvsmartmax_Gen : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_threatgroup_3390.yar#L126-L154" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_threatgroup_3390.yar#L126-L154" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7795b0d978f9447a6cee808708d65992447e359539a8fe64331c06ad46ff7491" score = 70 quality = 85 
@@ -304676,8 +305124,8 @@ rule SIGNATURE_BASE_Httpbrowser_RAT_Dropper_Gen2 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_threatgroup_3390.yar#L156-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_threatgroup_3390.yar#L156-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bf274053fe7729471716a710e3bd5ed027d6ab2c45f7af9a1103bfa1ada9cbf4" score = 70 quality = 85 @@ -304712,8 +305160,8 @@ rule SIGNATURE_BASE_Threatgroup3390_Strings : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_threatgroup_3390.yar#L185-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_threatgroup_3390.yar#L185-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d1e4889a48f4f9bfcc12237dd44cd8ad9db9918c6a5859de086d1ddc051ff937" score = 60 quality = 85 
@@ -304739,8 +305187,8 @@ rule SIGNATURE_BASE_Threatgroup3390_C2 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "http://snip.ly/giNB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_threatgroup_3390.yar#L204-L323" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_threatgroup_3390.yar#L204-L323" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "be411bb8e301eb4ba611bc9d6c8f0e3b8c27b87c2dd3f8405d0eba0296117697" score = 60 quality = 60 @@ -304868,8 +305316,8 @@ rule SIGNATURE_BASE_Getuserspns_VBS date = "2016-05-21" modified = "2023-12-05" reference = "https://github.com/skelsec/PyKerberoast" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_kerberoast.yar#L8-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_kerberoast.yar#L8-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ece81cd717fed6ca1f9053384911fd59462b6f3b01210ceeb037ba3da2f7a318" score = 75 quality = 60 
@@ -304894,8 +305342,8 @@ rule SIGNATURE_BASE_Getuserspns_PS1 date = "2016-05-21" modified = "2023-12-05" reference = "https://github.com/skelsec/PyKerberoast" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_kerberoast.yar#L25-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_kerberoast.yar#L25-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "204b009677a02bf8725f928c2bfff321b4543a883760e312a0c92f187684c8e9" score = 75 quality = 85 @@ -304921,8 +305369,8 @@ rule SIGNATURE_BASE_Kerberoast_PY date = "2016-05-21" modified = "2023-12-05" reference = "https://github.com/skelsec/PyKerberoast" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_kerberoast.yar#L43-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_kerberoast.yar#L43-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3b285cc55733bd4c499ffb4821a92675806bf66faf3b3565ffb6de867bed538d" score = 75 quality = 85 
@@ -304948,8 +305396,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_Naikon_APT_Sample1 : FILE date = "2015-05-14" modified = "2023-01-06" reference = "https://goo.gl/7vHyvh" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_naikon.yar#L2-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_naikon.yar#L2-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d5716c80cba8554eb79eecfb4aa3d99faf0435a1833ec5ef51f528146c758eba" hash = "f5ab8e49c0778fa208baad660fe4fa40fc8a114f5f71614afbd6dcc09625cb96" logic_hash = "e582fc3518dab2392a79909b5369c48656b6f280b915fad4befb0839ec7ce1bd" @@ -304988,8 +305436,8 @@ rule SIGNATURE_BASE_Cobaltstrike_CN_Group_Beacondropper_Aug17 : FILE date = "2017-08-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_cobaltgang.yar#L15-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_cobaltgang.yar#L15-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "89db9c5f09afc9cb54fb7a9cd1490373c568ac4dc04bdb9ef71136f91e16ad2c" score = 75 quality = 85 
@@ -305023,8 +305471,8 @@ rule SIGNATURE_BASE_Cobaltgang_Malware_Aug17_1 : FILE date = "2017-08-09" modified = "2023-12-05" reference = "https://sslbl.abuse.ch/intel/6ece5ece4192683d2d84e25b0ba7e04f9cb7eb7c" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_cobaltgang.yar#L41-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_cobaltgang.yar#L41-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "46077106bd19dd38a714a220b887742f5a29424ac8eb89f469975f863b3782ec" score = 75 quality = 85 @@ -305050,8 +305498,8 @@ rule SIGNATURE_BASE_Cobaltgang_Malware_Aug17_2 : FILE date = "2017-08-09" modified = "2023-12-05" reference = "https://sslbl.abuse.ch/intel/6ece5ece4192683d2d84e25b0ba7e04f9cb7eb7c" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_cobaltgang.yar#L59-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_cobaltgang.yar#L59-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "54095d2f447b6478aefe956133fb9b97171c1e07d7d9186a70bf242a094e4156" score = 75 quality = 85 
@@ -305075,8 +305523,8 @@ rule SIGNATURE_BASE_MAL_CRIME_Cobaltgang_Malware_Oct19_1 : FILE date = "2019-10-24" modified = "2023-12-05" reference = "https://twitter.com/vxsh4d0w/status/1187353649015611392" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_cobaltgang.yar#L74-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_cobaltgang.yar#L74-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4bd57aa6929b3eced7dee8063d89c542f2c80f802ef40efc23bbea6cc8ffd98c" score = 75 quality = 85 @@ -305102,8 +305550,8 @@ rule SIGNATURE_BASE_Aptgroupx_Plugxtrojanloader_Stringdecode date = "2023-12-05" modified = "2023-12-05" reference = "https://t.co/4xQ8G2mNap" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_plugx.yar#L2-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_plugx.yar#L2-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e5ab15b035bb0169864e687e5c26732dd5b8f5f184473a33e685f53699ce4acc" score = 80 quality = 85 
@@ -305147,8 +305595,8 @@ rule SIGNATURE_BASE_Shimrat date = "2015-11-20" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_mofang.yar#L1-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_mofang.yar#L1-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0dd19e6a65b06bd5846ec224f01c3feea066540317223d1991154b2305882b20" score = 75 quality = 85 @@ -305181,8 +305629,8 @@ rule SIGNATURE_BASE_Shimratreporter date = "2015-11-20" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_mofang.yar#L28-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_mofang.yar#L28-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "931d65628e5f0b7c63fe270b0a6cd3890f41a4ee7e253ce056b37f2d55542258" score = 75 quality = 85 
@@ -305214,8 +305662,8 @@ rule SIGNATURE_BASE_Susp_Indicators_EXE : FILE date = "2018-01-05" modified = "2023-12-05" reference = "https://pastebin.com/8qaiyPxs" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_netwire_rat.yar#L11-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_netwire_rat.yar#L11-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9cb66435b78893daa5583475b14f0df2a5e8612f3aaf5cb02160991ab4d57d1b" score = 60 quality = 85 @@ -305243,8 +305691,8 @@ rule SIGNATURE_BASE_Suspicious_BAT_Strings : FILE date = "2018-01-05" modified = "2023-12-05" reference = "https://pastebin.com/8qaiyPxs" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_netwire_rat.yar#L32-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_netwire_rat.yar#L32-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e643a5ef41d084e1b1a20be2c56328b72fedddbbce3c79d1e93cc8cfaa633e12" score = 60 quality = 85 
@@ -305266,8 +305714,8 @@ rule SIGNATURE_BASE_Malicious_BAT_Strings : FILE date = "2018-01-05" modified = "2023-12-05" reference = "https://pastebin.com/8qaiyPxs" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_netwire_rat.yar#L47-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_netwire_rat.yar#L47-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1f39b3fd11e7450eb1eaddeeca60aa4970568efda6053029f85df42e2f9fdd6e" score = 60 quality = 85 @@ -305289,8 +305737,8 @@ rule SIGNATURE_BASE_Malware_JS_Powershell_Obfuscated : FILE date = "2017-03-24" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_javascript_powershell.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_javascript_powershell.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1dd745624971f10acb7911433f363b0cf20c8c45344f702d7f3549c58689b371" score = 75 quality = 85 
@@ -305313,8 +305761,8 @@ rule SIGNATURE_BASE_MAL_Katz_Stealer_May25 : FILE date = "2025-05-16" modified = "2025-05-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_katz_stealer.yar#L1-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_katz_stealer.yar#L1-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fdc86a5b3d7df37a72c3272836f743747c47bfbc538f05af9ecf78547fa2e789" hash = "d92bb6e47cb0a0bdbb51403528ccfe643a9329476af53b5a729f04a4d2139647" logic_hash = "73364c2291dc792f46858dda057f08805db55fe1f1e54d6b0dee0a0c8a412259" @@ -305342,8 +305790,8 @@ rule SIGNATURE_BASE_MAL_DLL_Chrome_App_Bound_Encryption_Decryption_May25 : FILE date = "2025-05-19" modified = "2025-05-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_katz_stealer.yar#L23-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_katz_stealer.yar#L23-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6dc8e99da68b703e86fa90a8794add87614f254f804a8d5d65927e0676107a9d" logic_hash = "d5488728a3ee8f2f59ed9798b80d516f7f131e39b3d5099ad5168ffc8ff22718" score = 80 
@@ -305368,8 +305816,8 @@ rule SIGNATURE_BASE_SUSP_Katz_Log_May25 : FILE date = "2025-05-20" modified = "2025-05-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_katz_stealer.yar#L43-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_katz_stealer.yar#L43-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1ac196ac6393d786618c944a7ab77fb189a6b4ba00af5c0f987c3dc65876c060" hash = "ad76e2727469525dec7e56977589dd250ca57a29b8b0d42cd5c42e536c285241" hash = "e1a0d6929662bcbc9e5e0827cb8b6d7818088e996cf971d2a4a1c1ca4208e533" @@ -305398,8 +305846,8 @@ rule SIGNATURE_BASE_MAL_NET_Katz_Stealer_Loader_May25 date = "2025-05-21" modified = "2025-05-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_katz_stealer.yar#L65-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_katz_stealer.yar#L65-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0df13fd42fb4a4374981474ea87895a3830eddcc7f3bd494e76acd604c4004f7" logic_hash = "1922520d8c34660a0afff2f552ef0d1c6ec093fb10a00816e0216f574b686221" score = 80 
@@ -305427,8 +305875,8 @@ rule SIGNATURE_BASE_MAL_NET_UAC_Bypass_May25 : FILE date = "2025-05-21" modified = "2025-05-22" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_katz_stealer.yar#L86-L103" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_katz_stealer.yar#L86-L103" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4f12c5dca2099492d0c0cd22edef841cbe8360af9be2d8e9b57c2f83d401c1a7" hash = "fcad234dc2ad5e2d8215bcf6caac29aef62666c34564e723fa6d2eee8b6468ed" logic_hash = "4a3f6e90af6f9a8a4dfa8e336eb8c714e5f02625ca2bf5bf8b1bca9cbda6a99e" @@ -305454,8 +305902,8 @@ rule SIGNATURE_BASE_Kaspermalware_Oct17_1 : FILE date = "2017-10-24" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_kasper_oct17.yar#L13-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_kasper_oct17.yar#L13-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "15758407fb3039f1453f13d579d7df9525645e4717078f6b1fa482ab335e3a56" score = 75 quality = 85 
@@ -305479,8 +305927,8 @@ rule SIGNATURE_BASE_Oilrig_Strings_Oct17 : FILE date = "2017-10-18" modified = "2022-12-21" reference = "https://researchcenter.paloaltonetworks.com/2017/10/unit42-oilrig-group-steps-attacks-new-delivery-documents-new-injector-trojan/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig_oct17.yar#L11-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig_oct17.yar#L11-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3987fa1ccb215edeb0d36c947fd6d7a24847ea854d3f355d1aef4b000f55e710" score = 75 quality = 85 @@ -305506,8 +305954,8 @@ rule SIGNATURE_BASE_Oilrig_Ismagent_Campaign_Samples1 : FILE date = "2017-10-18" modified = "2023-12-05" reference = "https://goo.gl/JQVfFP" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig_oct17.yar#L42-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig_oct17.yar#L42-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d7e659440e3abc7355f2e21ea8f63cfb7b17b5715e4575bdccf9d646ed47db20" score = 75 quality = 85 
@@ -305536,8 +305984,8 @@ rule SIGNATURE_BASE_Oilrig_Ismagent_Campaign_Samples2 : FILE date = "2017-10-18" modified = "2023-12-05" reference = "https://goo.gl/JQVfFP" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig_oct17.yar#L63-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig_oct17.yar#L63-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ad00c7293f61f1b5528c3eea0dc32c10d40aeacc194be84a7f64d19b069f1add" score = 75 quality = 85 @@ -305566,8 +306014,8 @@ rule SIGNATURE_BASE_Oilrig_Ismagent_Campaign_Samples3 : FILE date = "2017-10-18" modified = "2023-12-05" reference = "https://goo.gl/JQVfFP" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_oilrig_oct17.yar#L84-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_oilrig_oct17.yar#L84-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a4984cf33e7b0e0dae264ed11caae6cfab9db2a6047a46ec41c28b5637b4589b" score = 75 quality = 81 
@@ -305604,8 +306052,8 @@ rule SIGNATURE_BASE_Payload_Exe2Hex date = "2016-01-15" modified = "2023-12-05" reference = "https://github.com/g0tmi1k/exe2hex" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/generic_exe2hex_payload.yar#L8-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/generic_exe2hex_payload.yar#L8-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "91b738f0174a267bbc900d59abcb504d2ae0bac8c287c3b7d1ebfc57374a7ee7" score = 70 quality = 85 @@ -305634,8 +306082,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_JS_Envyscout_May21_1 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L56-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L56-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ad8a7bb5a1d2065e3a573842fb37ee3c63b7695c18840f0c26d32e6ae3d99c6c" score = 75 quality = 85 
@@ -305656,8 +306104,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_JS_Envyscout_May21_2 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L69-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L69-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6f5c50b340d628559799897a2ba79add7d126e3ecb2daeb365bc15d64796ccd2" score = 75 quality = 85 @@ -305681,8 +306129,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_LNK_NV_Link_May21_2 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L85-L97" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L85-L97" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5eee9df368da3fc98c00a0f8c65a7f3bd5b812342082be58054b272b5bb03455" score = 75 quality = 85 
@@ -305704,8 +306152,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_LNK_Samples_May21_1 : FILE date = "2021-05-27" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L99-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L99-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "32d76bb1af76f0fc2afb76d9726bc8ec99c4be34c9d46cebab7356d8c68af11c" score = 85 quality = 85 @@ -305736,8 +306184,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_May21_1 : FILE date = "2021-05-27" modified = "2025-03-20" reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L130-L161" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L130-L161" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8199f309478e8ed3f03f75e7574a3e9bce09b4423bd7eb08bb5bff03af2b7c27" logic_hash = "034ea34eb34ea6de0c65b9a7fc9d16f108ef34cd75294b022371ac17789c3830" score = 85 
@@ -305767,8 +306215,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_PDF_Masq_May21_1 : FILE date = "2021-05-27" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L163-L182" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L163-L182" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8f1514648b2b797adfe3f8f5acb577c26707dfe1da942c9634be3d88a180a407" score = 70 quality = 35 @@ -305793,8 +306241,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Nativezone_Loader_May21_1 : FILE date = "2021-05-27" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L184-L204" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L184-L204" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a02fd6fcd7423781bbd2e4458bd61d28e16a5b1a73b1682e63db5c86d53c7da4" score = 85 quality = 85 
@@ -305821,8 +306269,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Boombox_May21_2 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L206-L234" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L206-L234" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2a3829e704af2464639d07e8e7952669281e20cf2a7ac487d5d1eee021d08b35" score = 75 quality = 85 @@ -305855,8 +306303,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_2 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L236-L252" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L236-L252" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "18a52f5fd71455b8564d4b485c233dd358a304bfddc5e6fb604b8e5a2a1949a3" score = 75 quality = 85 
@@ -305881,8 +306329,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Stageless_Loader_May21_2 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L254-L276" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L254-L276" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "850f6a1ad342fd5e4bb29c7bf90a032ddd8ac9d2eac5ffcbedf43e4d04b178f5" score = 75 quality = 85 @@ -305910,8 +306358,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_3 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L278-L300" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L278-L300" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "472acd1d6daf3480de59ecd3fa038d644e339dcc979cf7e56617eadc6cb32dc5" score = 75 quality = 85 
@@ -305940,8 +306388,8 @@ rule SIGNATURE_BASE_APT_APT29_NOBELIUM_Malware_May21_4 : FILE date = "2021-05-29" modified = "2025-03-21" reference = "https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_may21.yar#L302-L323" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_may21.yar#L302-L323" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7d5858cc6dab094d5dceab75a2002d9145537008241a08ac7bd399c9d6e6c270" score = 75 quality = 85 @@ -305968,8 +306416,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Nov21_1 : FILE date = "2021-11-23" modified = "2023-12-05" reference = "https://www.ic3.gov/Media/News/2021/211117-2.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_spring4shell.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_spring4shell.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1dac7706421961c71ba6f8d7a223b80e4b77bf206bfb64ee18c7cc894b062a3c" score = 70 quality = 85 
@@ -305993,8 +306441,8 @@ rule SIGNATURE_BASE_EXPL_POC_Springcore_0Day_Indicators_Mar22_1 date = "2022-03-30" modified = "2023-12-05" reference = "https://twitter.com/vxunderground/status/1509170582469943303" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_spring4shell.yar#L19-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_spring4shell.yar#L19-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "39fb62ec7953dae0a88e39e73e3ff286fc19cb8f21f8feb869a1875f6ba70cfb" score = 70 quality = 85 @@ -306018,8 +306466,8 @@ rule SIGNATURE_BASE_EXPL_POC_Springcore_0Day_Webshell_Mar22_1 : FILE date = "2022-03-30" modified = "2023-12-05" reference = "https://twitter.com/vxunderground/status/1509170582469943303" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_spring4shell.yar#L36-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_spring4shell.yar#L36-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "17282b66899356a6051f0b47a7a3f02265737283d760f2256e03a2b934bb63b8" score = 70 quality = 85 
@@ -306042,8 +306490,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Crime_Dearcry_Mar2021_1 : FILE date = "2021-03-12" modified = "2023-12-05" reference = "https://twitter.com/phillip_misner/status/1370197696280027136" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_dearcry_ransom.yar#L1-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_dearcry_ransom.yar#L1-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e55507475888087c84f9624f82516e8a40aaf59bf2fbea72129a1dd134b28110" score = 75 quality = 85 @@ -306075,8 +306523,8 @@ rule SIGNATURE_BASE_MAL_CRIME_RANSOM_Dearcry_Mar21_1 : FILE date = "2021-03-12" modified = "2023-12-05" reference = "https://twitter.com/phillip_misner/status/1370197696280027136" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_dearcry_ransom.yar#L29-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_dearcry_ransom.yar#L29-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c4af7c29e917078f8658aca68ec95f8a03934f42c81fdd421639437e24f304bc" score = 75 quality = 85 
@@ -306107,8 +306555,8 @@ rule SIGNATURE_BASE_LOG_Teamviewer_Connect_Chinese_Keyboard_Layout date = "2019-10-12" modified = "2020-12-16" reference = "https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/default-input-locales-for-windows-language-packs" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/log_teamviewer_keyboard_layouts.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/log_teamviewer_keyboard_layouts.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ba3bc7cbdfc5a47f6bc4cd9049c52eb95d25465af107ae3d068ef785b714279a" score = 60 quality = 85 @@ -306133,8 +306581,8 @@ rule SIGNATURE_BASE_LOG_Teamviewer_Connect_Russian_Keyboard_Layout date = "2019-10-12" modified = "2022-12-07" reference = "https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/default-input-locales-for-windows-language-packs" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/log_teamviewer_keyboard_layouts.yar#L23-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/log_teamviewer_keyboard_layouts.yar#L23-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9de52ec41fb410fcff50d49eb7871eadd07b520c3cfa089e1eeecc580e610eaa" score = 60 quality = 85 
@@ -306157,8 +306605,8 @@ rule SIGNATURE_BASE_Goldeneye_Ransomware_XLS : FILE date = "2016-12-06" modified = "2023-12-05" reference = "https://goo.gl/jp2SkT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_goldeneye.yar#L10-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_goldeneye.yar#L10-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "827c1d1c0f9c3ebd77413de7e1db5e29d05f2ece6676c79a79f6c1ff2788f42b" score = 75 quality = 85 @@ -306182,8 +306630,8 @@ rule SIGNATURE_BASE_Goldeneyeransomware_Dropper_Malformedzoomit : FILE date = "2016-12-06" modified = "2023-12-05" reference = "https://goo.gl/jp2SkT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_goldeneye.yar#L26-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_goldeneye.yar#L26-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c18405a272c9210973e3184b8267306919cba8795b12d5982a9e3e8f748f9782" score = 75 quality = 85 
@@ -306207,11 +306655,11 @@ rule SIGNATURE_BASE_LOG_EXPL_Ivanti_EPMM_Mobileiron_Core_CVE_2023_35078_Jul23_1 date = "2023-07-25" modified = "2023-12-05" reference = "Ivanti Endpoint Manager Mobile (EPMM) CVE-2023-35078 - Analysis Guidance" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ebc59032b7450aa438ca30170560c95550cda6ff7774b8ce1486309716da9e6c" score = 75 - quality = 60 + quality = 85 tags = "CVE-2023-35078" strings: @@ -306229,8 +306677,8 @@ rule SIGNATURE_BASE_MAL_WAR_Ivanti_EPMM_Mobileiron_Mi_War_Aug23 : CVE_2023_35078 date = "2023-08-01" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L16-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L16-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0083727e34118d628c8507459bfb7f949f11af8197e201066e29e263e2c3f944" score = 85 quality = 85 
@@ -306253,8 +306701,8 @@ rule SIGNATURE_BASE_MAL_WAR_Ivanti_EPMM_Mobileiron_Logclear_JAVA_Aug23 : CVE_202 date = "2023-08-01" modified = "2023-12-05" reference = "https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-213a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L34-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_ivanti_epmm_mobileiron_cve_2023_35078.yar#L34-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c42c2eca784d7089aab56addca11bad658a4a6c34a81ae823bd0c3dad41a1c99" score = 80 quality = 85 @@ -306280,8 +306728,8 @@ rule SIGNATURE_BASE_Streamex_Shellcrew date = "2017-02-09" modified = "2023-12-05" reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_shellcrew_streamex.yar#L11-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_shellcrew_streamex.yar#L11-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a82ff51c1dcd1ebe3d7acc96b46b0b79dcead9146204f060f5413c4c7b5286d3" score = 80 quality = 85 
@@ -306308,8 +306756,8 @@ rule SIGNATURE_BASE_Shellcrew_Streamex_1 : FILE date = "2017-02-10" modified = "2022-12-21" reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_shellcrew_streamex.yar#L40-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_shellcrew_streamex.yar#L40-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4da0b8843de87e53243af40700afaab77120531af28dc311d9100bce6721650b" score = 75 quality = 85 @@ -306337,8 +306785,8 @@ rule SIGNATURE_BASE_Shellcrew_Streamex_1_Msi : FILE date = "2017-02-10" modified = "2023-12-05" reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_shellcrew_streamex.yar#L61-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_shellcrew_streamex.yar#L61-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa853dac58c067a88f1784ac4017fd558151e54ed10ceb32ab90c99e970460fe" score = 75 quality = 85 
@@ -306366,8 +306814,8 @@ rule SIGNATURE_BASE_Shellcrew_Streamex_1_Msi_Dll : FILE date = "2017-02-10" modified = "2023-12-05" reference = "https://blog.cylance.com/shell-crew-variants-continue-to-fly-under-big-avs-radar" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_shellcrew_streamex.yar#L82-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_shellcrew_streamex.yar#L82-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "087ac07a2bf822f7838ef46296150381cfc9af9b12b4023654023a779efc1db1" score = 75 quality = 85 @@ -306393,8 +306841,8 @@ rule SIGNATURE_BASE_Reveal_Memorycredentials : FILE date = "2015-08-31" modified = "2023-12-05" reference = "https://github.com/giMini/RWMC/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rwmc_powershell_creddump.yar#L8-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rwmc_powershell_creddump.yar#L8-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "893c26818c424d0ff549c1fbfa11429f36eecd16ee69330c442c59a82ce6adea" logic_hash = "d740462aacd3b30d0258d018344642683fefd43ef033dd7f5bdde2bdddce4115" score = 75 
@@ -306420,8 +306868,8 @@ rule SIGNATURE_BASE_Minidumptest_Msdsc : FILE date = "2015-08-31" modified = "2023-12-05" reference = "https://github.com/giMini/RWMC/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rwmc_powershell_creddump.yar#L26-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rwmc_powershell_creddump.yar#L26-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "477034933918c433f521ba63d2df6a27cc40a5833a78497c11fb0994d2fd46ba" logic_hash = "ae8a28df245a8f7a2d62639789c31556b012322fcac09784595fd6f95d6bf195" score = 50 @@ -306447,8 +306895,8 @@ rule SIGNATURE_BASE_TA17_293A_Malware_1 date = "2017-07-17" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_293A.yar#L14-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_293A.yar#L14-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "408297496dfb1cc28e1caa7faaf8537b7970bb1742e1b373175f8273fe11f19d" score = 50 quality = 75 
@@ -306502,11 +306950,11 @@ rule SIGNATURE_BASE_TA17_293A_Energetic_Bear_Api_Hashing_Tool : FILE description = "Energetic Bear API Hashing Tool" author = "CERT RE Team" id = "4e58800a-9618-5d8b-954c-e843be6002c2" - date = "2025-02-07" + date = "2025-02-21" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_293A.yar#L77-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_293A.yar#L77-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5f8a770c727cdd2d32d7cd1ad45ee8b37f7fc63c9e7f4311d318eb15d9050909" score = 75 quality = 85 @@ -306532,8 +306980,8 @@ rule SIGNATURE_BASE_TA17_293A_Query_XML_Code_MAL_DOC_PT_2 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_293A.yar#L95-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_293A.yar#L95-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8d4c1b23aa8323fa9ddec362bb36e13e5f992883fbf7936b34cf03fe62ee6127" score = 75 quality = 85 
@@ -306556,8 +307004,8 @@ rule SIGNATURE_BASE_TA17_293A_Query_XML_Code_MAL_DOC : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_293A.yar#L108-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_293A.yar#L108-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fb3a84b66554e6c286ba64046d9b18a819f81108ee965862f288637ccee816d2" score = 75 quality = 85 @@ -306581,8 +307029,8 @@ rule SIGNATURE_BASE_TA17_293A_Query_Javascript_Decode_Function : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_293A.yar#L122-L140" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_293A.yar#L122-L140" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8b42c67bdcdbb7c38128d8956904baa524d155b1e6957c5c1b5bc28fd8a57e8a" score = 75 quality = 83 
@@ -306607,8 +307055,8 @@ rule SIGNATURE_BASE_TA17_293A_Hacktool_PS_1 : FILE date = "2017-10-21" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_293A.yar#L152-L166" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_293A.yar#L152-L166" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a59834684cc1e7a34eeb8fb7f6cd1c414d6eab3ae58c6df763b2ec548705b371" score = 75 quality = 85 @@ -306632,8 +307080,8 @@ rule SIGNATURE_BASE_TA17_293A_Hacktool_Touch_MAC_Modification : FILE date = "2017-10-21" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_293A.yar#L168-L184" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_293A.yar#L168-L184" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5f4c6b653d1b6f4427c6582513d3c19cb8d580e669260a1afda01eecf8ce3bfc" score = 75 quality = 85 
@@ -306659,8 +307107,8 @@ rule SIGNATURE_BASE_TA17_293A_Hacktool_Exploit_MS16_032 : FILE date = "2017-10-21" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_293A.yar#L186-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_293A.yar#L186-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0f0bd4f8ae1e9689f111233ca8fdb9a9b6c20e526f22350c8204f64a54639dcd" score = 75 quality = 85 @@ -306687,8 +307135,8 @@ rule SIGNATURE_BASE_Imphash_UPX_Packed_Malware_1_TA17_293A : FILE date = "2017-10-21" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_293A.yar#L206-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_293A.yar#L206-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "398ccbd5e492fb1efa80dc07900ef77611c4b5bab95f715fce7b5dbeb0aff49d" score = 75 quality = 85 
@@ -306709,8 +307157,8 @@ rule SIGNATURE_BASE_Imphash_Malware_2_TA17_293A : HIGHVOL FILE date = "2017-10-21" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-293A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_293A.yar#L219-L229" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_293A.yar#L219-L229" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5f91c07a9cc65c31eb9fd09bdd2752bc285c5a4b118ffe647391f7d187765de4" score = 75 quality = 85 @@ -306729,8 +307177,8 @@ rule SIGNATURE_BASE_SUSP_BAT_Aux_Jan20_1 : FILE date = "2020-01-29" modified = "2023-12-05" reference = "https://medium.com/@quoscient/the-chicken-keeps-laying-new-eggs-uncovering-new-gc-maas-tools-used-by-top-tier-threat-actors-531d80a6b4e9" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_bat_aux.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_bat_aux.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6b8cd9b7683a18a02a81222d6819fe903500702c83f198f73ac428d1bc91fb9a" score = 65 quality = 85 
@@ -306756,8 +307204,8 @@ rule SIGNATURE_BASE_SUSP_PS1_Msdt_Execution_May22 : CVE_2022_30190 FILE date = "2022-05-31" modified = "2025-03-21" reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_doc_follina.yar#L2-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_doc_follina.yar#L2-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9b8a061de4210d23e58b5190a300ee331273fc98f357156a0bb1d79f9f2b49b1" score = 65 quality = 85 @@ -306791,8 +307239,8 @@ rule SIGNATURE_BASE_SUSP_Doc_Wordxmlrels_May22 : CVE_2022_30190 FILE date = "2022-05-30" modified = "2022-06-20" reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_doc_follina.yar#L38-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_doc_follina.yar#L38-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "62f262d180a5a48f89be19369a8425bec596bc6a02ed23100424930791ae3df0" logic_hash = "c9846f8c2c1724792de14ab4de0064f951a8faaf01cc27d873e600f29d59c842" score = 70 
@@ -306819,8 +307267,8 @@ rule SIGNATURE_BASE_SUSP_Doc_RTF_Externalresource_May22 : CVE_2022_30190 FILE date = "2022-05-30" modified = "2022-05-31" reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_doc_follina.yar#L62-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_doc_follina.yar#L62-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c841e0c1ff78bf8dade5f573a7452b16a7f447cfc19417704b727684a8f3d3ff" score = 70 quality = 85 @@ -306842,11 +307290,11 @@ rule SIGNATURE_BASE_EXPL_Follina_CVE_2022_30190_Msdt_Msprotocoluri_May22 : CVE_2 date = "2022-05-30" modified = "2022-07-18" reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_doc_follina.yar#L80-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_doc_follina.yar#L80-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d56820737951f97606749c74025589e6a8ecbe70cfff069492368b2ba8528a7d" score = 80 - quality = 60 + quality = 85 tags = "CVE-2022-30190, FILE" hash1 = "4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784" hash2 = "778cbb0ee4afffca6a0b788a97bc2f4855ceb69ddc5eaa230acfa2834e1aeb07" 
@@ -306867,8 +307315,8 @@ rule SIGNATURE_BASE_SUSP_Doc_RTF_Ole2Link_Jun22 : FILE date = "2022-06-01" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_doc_follina.yar#L100-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_doc_follina.yar#L100-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4abc20e5130b59639e20bd6b8ad759af18eb284f46e99a5cc6b4f16f09456a68" logic_hash = "36cb711399197c694ac4fa4fd49cd5d587a830e152a138c81851b8e16301803d" score = 75 @@ -306900,8 +307348,8 @@ rule SIGNATURE_BASE_SUSP_Doc_RTF_Ole2Link_EMAIL_Jun22 : FILE date = "2022-06-01" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_doc_follina.yar#L133-L192" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_doc_follina.yar#L133-L192" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4abc20e5130b59639e20bd6b8ad759af18eb284f46e99a5cc6b4f16f09456a68" logic_hash = "fcbb3e32762f8c67b5b226e8095b767d630f8c118521a82fc22f9a3cc272b794" score = 75 
@@ -306955,8 +307403,8 @@ rule SIGNATURE_BASE_SUSP_DOC_RTF_Externalresource_EMAIL_Jun22 : CVE_2022_30190 F date = "2022-06-01" modified = "2025-03-21" reference = "https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_doc_follina.yar#L194-L220" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_doc_follina.yar#L194-L220" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "73e76bd80f77640c0d8d47ebb7903eb9cc23336fbe653e7d008cae6a0de7c45b" score = 70 quality = 85 @@ -306985,8 +307433,8 @@ rule SIGNATURE_BASE_SUSP_Msdt_Artefact_Jun22_2 : CVE_2022_30190 FILE date = "2022-06-01" modified = "2022-07-29" reference = "https://twitter.com/nas_bench/status/1531718490494844928" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_doc_follina.yar#L222-L241" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_doc_follina.yar#L222-L241" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e18f6405f0411128335336e65dda4ed2b6be6e9ad47b94646ececf0479fbe967" score = 75 quality = 85 
@@ -307010,8 +307458,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Follina_Jun22 : CVE_2022_30190 FILE date = "2022-06-02" modified = "2025-03-21" reference = "https://twitter.com/gossithedog/status/1531650897905950727" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_doc_follina.yar#L243-L261" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_doc_follina.yar#L243-L261" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0b63bb266b968987b2b5a83c9429e96acbd57e12178e4f5fd5894b23d1aaa237" score = 75 quality = 85 @@ -307035,8 +307483,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Tools_Back : FILE date = "2017-07-23" modified = "2022-12-21" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L13-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L13-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3a23491cbb24177c027695d8f677c4a72ed0404c4c38356eec4b92f2d06be2ee" score = 75 quality = 85 
@@ -307061,8 +307509,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Tools_Clrlg : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L31-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L31-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "003f711ac6f2308f2bdc638da7c654686e7402db7b3837120168e5a99b774537" score = 75 quality = 85 @@ -307086,8 +307534,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Powershell date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L47-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L47-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "57d28f7b79cc14b8bbc2d7c9b2c16ab0f94a4b160cf7cb1d4641fe1c77e06811" score = 75 quality = 85 
@@ -307110,8 +307558,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Vminst : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L62-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L62-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a4559c2f4de60537827d167453751a92c0030ae6ce095a2d64df777e93d4b87a" score = 75 quality = 85 @@ -307144,8 +307592,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Windows_UM_Task date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L90-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L90-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cfc2d231b6be798172e5d7ffc525842c7eed6d78a145c401136452c46f21e3b2" score = 75 quality = 85 
@@ -307171,8 +307619,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Windowstask date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L109-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L109-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a2bbcb02f34b2da3d88772d211cc7bfb669384161eec94336cdc2474144b16ae" score = 75 quality = 85 @@ -307201,8 +307649,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Tdtess : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L130-L147" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L130-L147" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ffd10e06b3a8f3054747443b863070e8726589fc795f816832dbf73c0c34e080" score = 75 quality = 85 
@@ -307228,8 +307676,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Silverlightmsi : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L149-L165" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L149-L165" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "716db8f8e7d71c7f3deaeb9ac8e141c9bf374e5dae992e8e2623070c81089953" score = 75 quality = 85 @@ -307256,8 +307704,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Matryoshka_Injector : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L167-L189" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L167-L189" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e02d26882c85b77bd97629fce20bd027e1f5f7e28ae0c43c9ea7a4b1e5d02cd1" score = 75 quality = 85 
@@ -307282,8 +307730,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Zpp : FILE date = "2017-07-23" modified = "2022-12-21" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L191-L215" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L191-L215" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "32c91f8a02443a6f024acb3f941b7f11472e7f1517c54a3c7edc89ce88ba73e0" score = 75 quality = 85 @@ -307315,8 +307763,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Netsrv_Netsrvs : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L217-L242" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L217-L242" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1506d1eddd43731c00e5f01a292589b07de5055bbdd7b1f7c2d7ac7a09b8ae58" score = 75 quality = 85 
@@ -307351,8 +307799,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Reflectiveloader : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L244-L268" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L244-L268" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9488d2e97d0ea031a138e72964a3b56781f9d05c1676ff0b360407db944e26de" score = 75 quality = 85 @@ -307384,8 +307832,8 @@ rule SIGNATURE_BASE_Wiltedtulip_Matryoshka_RAT : FILE date = "2017-07-23" modified = "2023-12-05" reference = "http://www.clearskysec.com/tulip" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wilted_tulip.yar#L270-L289" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wilted_tulip.yar#L270-L289" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9e878d9e3dc3f2050e52a046038f4f855b5b777948d928e0bc6d7a98fc0a7119" score = 75 quality = 85 
@@ -307414,8 +307862,8 @@ rule SIGNATURE_BASE_Base64_PS1_Shellcode date = "2018-11-14" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/1062601684566843392" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_ps1_shellcode.yar#L1-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_ps1_shellcode.yar#L1-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fac6f41965eb2209f1552763800d6a2b172f28cd29bb7586d180654aab1e6d56" score = 65 quality = 85 @@ -307438,8 +307886,8 @@ rule SIGNATURE_BASE_SUSP_Certificate_Payload : FILE date = "2018-08-02" modified = "2023-12-05" reference = "https://blog.nviso.be/2018/08/02/powershell-inside-a-certificate-part-3/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cert_payloads.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cert_payloads.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "909cf4209bbb876a042d86e017f65ce3764d2fde7a602406ed8531ba97c9fb9b" score = 50 quality = 85 
@@ -307461,11 +307909,11 @@ rule SIGNATURE_BASE_LOG_EXPL_Confluence_RCE_CVE_2021_26084_Sep21 : LOG CVE_2021_ date = "2021-09-01" modified = "2023-12-05" reference = "https://github.com/httpvoid/writeups/blob/main/Confluence-RCE.md" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cve_2021_26084_confluence_log.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cve_2021_26084_confluence_log.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "04542570b4814efde3d96ba5be8b5f9fd6e3c51be09f0e8a1c4eba45bfd8f5ff" score = 55 - quality = 60 + quality = 85 tags = "LOG, CVE-2021-26084" strings: @@ -307491,8 +307939,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_1 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wildneutron.yar#L10-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wildneutron.yar#L10-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2b5065a3d0e0b8252a987ef5f29d9e1935c5863f5718b83440e68dc53c21fa94" logic_hash = "d8044761fa51f2afd16eb096aa9e896483387c47e10ce922f2ef32ebcbd1a520" score = 60 
@@ -307525,8 +307973,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_2 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wildneutron.yar#L36-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wildneutron.yar#L36-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8d80f9ef55324212759f4b6070cb8fce18a008ae9dd8b9598553206654d13a6f" logic_hash = "3a796199a2e9f2711e5fbdc1050234a8f3c09f762bc645f49a705d9f112d9cdc" score = 60 @@ -307556,8 +308004,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_3 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wildneutron.yar#L59-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wildneutron.yar#L59-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c2c761cde3175f6e40ed934f2e82c76602c81e2128187bab61793ddb3bc686d0" logic_hash = "16d511412576df2eb6d9646856d37bd94af7648cc602510696b74fa0534e405d" score = 60 
@@ -307588,8 +308036,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_4 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wildneutron.yar#L85-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wildneutron.yar#L85-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b4005530193bc523d3e0193c3c53e2737ae3bf9f76d12c827c0b5cd0dcbaae45" logic_hash = "4882b7c5f469615436490cd628ee3bb5b0dded43fb556ac6477cdadc6c8eff05" score = 60 @@ -307620,8 +308068,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_5 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wildneutron.yar#L110-L133" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wildneutron.yar#L110-L133" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1604e36ccef5fa221b101d7f043ad7f856b84bf1a80774aa33d91c2a9a226206" logic_hash = "57792a54c96c59a1e9ed961715c72187936aee6f001c2ed4f95ca84e799e9c8c" score = 60 
@@ -307653,8 +308101,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_6 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wildneutron.yar#L135-L149" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wildneutron.yar#L135-L149" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4bd548fe07b19178281edb1ee81c9711525dab03dc0b6676963019c44cc75865" logic_hash = "7dc7f9815f2b2c934ecf93f5813bdb87364b2b9e2a5aebc04f76cfff43e46d30" score = 60 @@ -307677,8 +308125,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_7 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wildneutron.yar#L151-L176" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wildneutron.yar#L151-L176" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a14d31eb965ea8a37ebcc3b5635099f2ca08365646437c770212d534d504ff3c" logic_hash = "8a081932be8fd03c37a87486570a02a31756ba6bd125dbed7da9703197447ea5" score = 60 
@@ -307712,8 +308160,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_9 : FILE date = "2015-07-10" modified = "2023-01-06" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wildneutron.yar#L203-L223" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wildneutron.yar#L203-L223" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "781eb1e17349009fbae46aea5c59d8e5b68ae0b42335cb035742f6b0f4e4087e" logic_hash = "2029c94088e075cbcbae8d7d514cfc56add022d8776e59f04824d9ce9fd12794" score = 60 @@ -307741,8 +308189,8 @@ rule SIGNATURE_BASE_Wildneutron_Sample_10 : FILE date = "2015-07-10" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wildneutron.yar#L225-L267" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wildneutron.yar#L225-L267" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1d3bdabb350ba5a821849893dabe5d6056bf7ba1ed6042d93174ceeaa5d6dad7" logic_hash = "b282b6892f9cb6769bf0e302deaa8062fd69bfd51144bc06fc9501fde9537dae" score = 60 
@@ -307788,8 +308236,8 @@ rule SIGNATURE_BASE_APT_MAL_Wildneutron_Javacpl : FILE modified = "2023-01-06" old_rule_name = "WildNeutron_javacpl" reference = "https://securelist.com/blog/research/71275/wild-neutron-economic-espionage-threat-actor-returns-with-new-tricks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_wildneutron.yar#L272-L300" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_wildneutron.yar#L272-L300" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c9cb6ab956d29df9f59520262ab308a0256747cc3c898979347304950e093098" score = 60 quality = 85 @@ -307820,8 +308268,8 @@ rule SIGNATURE_BASE_Skeleton_Key_Patcher date = "2015-01-13" modified = "2023-12-05" reference = "http://goo.gl/aAk3lN" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_skeletonkey.yar#L3-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_skeletonkey.yar#L3-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "451b77152e38a120bd8d8a832f0f7c003974113ead18aabfe043a332fb1f484c" score = 70 quality = 85 
@@ -307848,8 +308296,8 @@ rule SIGNATURE_BASE_Skeleton_Key_Injected_Code date = "2015-01-13" modified = "2023-12-05" reference = "http://goo.gl/aAk3lN" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_skeletonkey.yar#L26-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_skeletonkey.yar#L26-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e87cb9a49d0df6f75ca1ae51f8255ea476b699e82d525d7eca06bfda3462d84b" score = 70 quality = 85 @@ -307873,8 +308321,8 @@ rule SIGNATURE_BASE_FVEY_Shadowbrokers_Jan17_Screen_Strings : FILE date = "2017-01-08" modified = "2023-12-05" reference = "https://bit.no.com:43110/theshadowbrokers.bit/post/message7/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fvey_shadowbroker_jan17.yar#L10-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fvey_shadowbroker_jan17.yar#L10-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8015b227c5df68fffadb86b72843b2b831d5603978ada3f50cc535a870aa94eb" score = 75 quality = 85 
@@ -307910,8 +308358,8 @@ rule SIGNATURE_BASE_Gen_Suspicious_Inpage_Dropper : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://twitter.com/Ahmedfshosha/status/1138138981521154049" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_suspicious_InPage_dropper.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_suspicious_InPage_dropper.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8ab5d0bffa72b32f4c388f42a38a799c178fddf9f06b1262842e146c43448bd4" score = 65 quality = 85 @@ -307938,8 +308386,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Ragna_Locker_Apr20_1 : FILE date = "2020-04-27" modified = "2023-12-05" reference = "https://otx.alienvault.com/indicator/file/c2bd70495630ed8279de0713a010e5e55f3da29323b59ef71401b12942ba52f6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_ragna_locker.yar#L3-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_ragna_locker.yar#L3-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "05a18818f22c836c3e1f1fa9682d787bbe86e6d3bb026a80a7d4c33ad95c2cd3" score = 75 quality = 85 
@@ -307978,8 +308426,8 @@ rule SIGNATURE_BASE_MAL_Ransom_Ragnarlocker_July_2020_1 : FILE date = "2020-07-30" modified = "2023-12-05" reference = "https://twitter.com/JAMESWT_MHT/status/1288797666688851969" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_ragna_locker.yar#L38-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_ragna_locker.yar#L38-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dc44da2f9023e0702afa8081e85ba817ebfde15f449261fae9de729d51262b04" score = 75 quality = 83 @@ -308022,8 +308470,8 @@ rule SIGNATURE_BASE_APT_Darkhydrus_Jul18_1 : FILE date = "2018-07-28" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_darkhydrus.yar#L13-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_darkhydrus.yar#L13-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2c39f2e6b37e6422984275f45a2917891c3b482d137dbbfd6293088c2f2dacc3" score = 75 quality = 85 
@@ -308046,8 +308494,8 @@ rule SIGNATURE_BASE_APT_Darkhydrus_Jul18_2 : FILE date = "2018-07-28" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_darkhydrus.yar#L31-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_darkhydrus.yar#L31-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e967fec69ad1cbb46a63ee520594e7d6f2445a400510a9864dbd6d4c6e092737" score = 75 quality = 85 @@ -308075,8 +308523,8 @@ rule SIGNATURE_BASE_APT_Darkhydrus_Jul18_3 : FILE date = "2018-07-28" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_darkhydrus.yar#L50-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_darkhydrus.yar#L50-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0f3425322846e6064ec2576ad4e73061fbec3e4400de54d05fe07b8ad2a31f92" score = 75 quality = 85 
@@ -308101,8 +308549,8 @@ rule SIGNATURE_BASE_HKTL_Unlicensed_Cobaltstrike_EICAR_Jul18_5 : FILE date = "2018-07-28" modified = "2021-06-17" reference = "https://researchcenter.paloaltonetworks.com/2018/07/unit42-new-threat-actor-group-darkhydrus-targets-middle-east-government/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_darkhydrus.yar#L69-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_darkhydrus.yar#L69-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d066f22e01f9ca3a33c669552046a5ab8dd9e579236974b1c468ba9644498951" score = 75 quality = 85 @@ -308127,8 +308575,8 @@ rule SIGNATURE_BASE_Furtim_Nativedll : FILE date = "2016-06-13" modified = "2023-12-05" reference = "MISP 3971" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_furtim.yar#L8-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_furtim.yar#L8-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f9673cdd1e8e38f98b9625291a03011d5cfce78c689eab491ff189c4e039e1ef" score = 75 quality = 85 
@@ -308154,8 +308602,8 @@ rule SIGNATURE_BASE_Furtim_Parent_1 : FILE date = "2016-07-16" modified = "2023-12-05" reference = "https://sentinelone.com/blogs/sfg-furtims-parent/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_furtim.yar#L34-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_furtim.yar#L34-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ab4c7ca5c887b2a2f2949a5a6fd0d623dad47d9c1f866fb43f7f8ec38dfa6a02" score = 75 quality = 85 @@ -308183,8 +308631,8 @@ rule SIGNATURE_BASE_Enigmapacker_Rare : FILE date = "2017-04-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_enigma_protector.yar#L8-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_enigma_protector.yar#L8-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a001b563db1b75581432d42a435683f24e244b6b354f83409b5b9d6d0314d63a" score = 60 quality = 85 
@@ -308208,8 +308656,8 @@ rule SIGNATURE_BASE_Enigma_Protected_Malware_May17_Rhxfiles : FILE date = "2017-05-02" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_enigma_protector.yar#L25-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_enigma_protector.yar#L25-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "838ab7dddda798d2f5c79fc5417693f8489195b3024c43d9ad1aab05fcfd71eb" score = 75 quality = 85 @@ -308233,8 +308681,8 @@ rule SIGNATURE_BASE_Enigma_Protected_Malware : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://goo.gl/OEVQ9w" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_enigma_protector.yar#L41-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_enigma_protector.yar#L41-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1a254d4d593b73d16d1cfbd73d7d4b2732a080cb98d70972de0826433b004152" score = 75 quality = 85 
@@ -308258,8 +308706,8 @@ rule SIGNATURE_BASE_SUSP_TINY_PE : FILE date = "2019-10-23" modified = "2023-12-05" reference = "https://webserver2.tecgraf.puc-rio.br/~ismael/Cursos/YC++/apostilas/win32_xcoff_pe/tyne-example/Tiny%20PE.htm" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_file_anomalies.yar#L3-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_file_anomalies.yar#L3-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5eabfa8e0fd4d6d1376d263484fba985e7a4b05d68046be1f79c1dfdbbfff9e5" score = 80 quality = 85 @@ -308280,8 +308728,8 @@ rule SIGNATURE_BASE_SUSP_GIF_Anomalies : FILE date = "2020-07-02" modified = "2023-12-05" reference = "https://en.wikipedia.org/wiki/GIF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_file_anomalies.yar#L17-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_file_anomalies.yar#L17-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "64d17c8de72600cd889a802fd002faaaf9a3a17f7fa157ae5b2b620b28e6c439" score = 60 quality = 85 
@@ -308300,8 +308748,8 @@ rule SIGNATURE_BASE_SUSP_Hxd_Icon_Anomaly_May23_1 : FILE date = "2023-05-29" modified = "2023-12-05" reference = "https://www.linkedin.com/feed/update/urn:li:activity:7068631930040188929/?utm_source=share&utm_medium=member_ios" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_file_anomalies.yar#L32-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_file_anomalies.yar#L32-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a328687ac8b868fb78a49188b286a8951c6043a7ff6ff0c7a23c3f9b3ef15eb2" score = 65 quality = 85 @@ -308341,8 +308789,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Sindoor_ELF_Obfuscation_Aug25 : FILE date = "2025-08-29" modified = "2025-09-02" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt36_operation_sindoor.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt36_operation_sindoor.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6879a2b730e391964afe4dbbc29667844ba0c29239be5503b7c86e59e7052443" logic_hash = "c1258c1f6d4b49104bedf3fbef932f1775ede7d32191df2e5479ca9b291add9e" score = 70 
@@ -308364,8 +308812,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Sindoor_Desktopfile_Aug25 : FILE date = "2025-08-29" modified = "2025-09-02" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt36_operation_sindoor.yar#L18-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt36_operation_sindoor.yar#L18-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9943bdf1b2a37434054b14a1a56a8e67aaa6a8b733ca785017d3ed8c1173ac59" logic_hash = "1549aac3132c5f3e73d984c3404a5530507e967df4ab6d5ccd408abc874a5306" score = 70 @@ -308389,8 +308837,8 @@ rule SIGNATURE_BASE_MAL_Sindoor_Decryptor_Aug25 : FILE date = "2025-08-29" modified = "2025-09-02" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt36_operation_sindoor.yar#L36-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt36_operation_sindoor.yar#L36-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9a1adb50bb08f5a28160802c8f315749b15c9009f25aa6718c7752471db3bb4b" logic_hash = "4172fd9aee39a1a0681483f6dada6394debc62149a588ab4807e3016a823bed3" score = 80 
@@ -308416,8 +308864,8 @@ rule SIGNATURE_BASE_MAL_Sindoor_Downloader_Aug25 : FILE date = "2025-08-29" modified = "2025-09-02" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt36_operation_sindoor.yar#L62-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt36_operation_sindoor.yar#L62-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "38b6b93a536cbab5c289fe542656d8817d7c1217ad75c7f367b15c65d96a21d4" logic_hash = "c55be65cd077cb04b625636dffcb02af74efa06bb49da734c8616da233a34d1a" score = 80 @@ -308443,8 +308891,8 @@ rule SIGNATURE_BASE_SUSP_VULN_DRV_PROCEXP152_May23 : FILE date = "2023-05-05" modified = "2023-07-28" reference = "https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor_inverse_matches.yar#L502-L520" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor_inverse_matches.yar#L502-L520" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d988bba837b91b2ad7f69be8765a948848bce21e2daa53af602f714758cda4d4" score = 50 quality = 85 
@@ -308468,8 +308916,8 @@ rule SIGNATURE_BASE_Malrtf_Ole2Link : EXPLOIT FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_rtf_ole2link.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_rtf_ole2link.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d7ef764a0006b81c2b50699aa1fccb35c7c7da982cb8d56e02097114468e298f" score = 75 quality = 85 @@ -308496,8 +308944,8 @@ rule SIGNATURE_BASE_Corkowdll : FILE date = "2016-01-02" modified = "2023-12-05" reference = "https://www.group-ib.ru/brochures/Group-IB-Corkow-Report-EN.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_corkow_dll.yar#L3-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_corkow_dll.yar#L3-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "072112c79f20ba08b7ef71d3dacff7eb947b4a27bf6381ce788e229f2f791cdf" score = 75 quality = 85 
@@ -308519,8 +308967,8 @@ rule SIGNATURE_BASE_Windowscredentialeditor date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L20-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L20-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "531a0bdc893d89b1c14deee11df95b430051cef07744a15b5d606e1c5378db97" score = 90 quality = 85 @@ -308543,8 +308991,8 @@ rule SIGNATURE_BASE_HKTL_Amplia_Security_Tool : FILE date = "2013-01-01" modified = "2023-02-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L34-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L34-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7ca32d8df0011f23922c6566b28aa55b0756d5b67bf3db8908b206b1038bb1f2" score = 60 quality = 85 
@@ -308570,8 +309018,8 @@ rule SIGNATURE_BASE_Pwdump date = "2014-04-24" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L58-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L58-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a998d16f84e8689f182f6665ad165c6ff19e25d3e52acc10ca4cc6fe54ba354f" score = 70 quality = 85 @@ -308594,8 +309042,8 @@ rule SIGNATURE_BASE_Pscan_Portscan_1 date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L74-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L74-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c624fcdf28506b551bf7b36883d95b279a7c56322337a0acafd91205659c92cc" score = 50 quality = 85 
@@ -308618,8 +309066,8 @@ rule SIGNATURE_BASE_Hacktool_Samples date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L88-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L88-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0064950d88eccbe670cd1dc70861d093c7f49f8f10e984aef4cfb4bcc94e4645" score = 50 quality = 83 @@ -308665,8 +309113,8 @@ rule SIGNATURE_BASE_Fierce2 date = "2014-01-07" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L126-L139" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L126-L139" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "05502827dd5d1903507fd1e176d518516a5c1965fb4e51ea26b1a05eb0dce3d2" score = 60 quality = 85 
@@ -308688,8 +309136,8 @@ rule SIGNATURE_BASE_Ncrack date = "2014-01-07" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L141-L154" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L141-L154" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a42bfaefb873a10821bcc06db109d8ab20daa8c8ac0b6cfb245d2ee339f318bb" score = 60 quality = 85 @@ -308711,8 +309159,8 @@ rule SIGNATURE_BASE_Sqlmap date = "2014-01-07" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L156-L169" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L156-L169" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9c248c856c3d91a282012489b53dc9e15569e1bb1a5c9f5e3c7938f7ce0c3157" score = 60 quality = 85 
@@ -308735,8 +309183,8 @@ rule SIGNATURE_BASE_HKTL_Portscanner_Simple_Jan14 modified = "2025-04-14" old_rule_name = "PortScanner" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L171-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L171-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b381b9212282c0c650cb4b0323436c63" logic_hash = "c69269b227d46b5b970cfc094b3154b0a533b439b8ed492a2059025bc96d17a0" score = 75 @@ -308759,8 +309207,8 @@ rule SIGNATURE_BASE_Domainscanv1_0 date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L185-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L185-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "aefcd73b802e1c2bdc9b2ef206a4f24e" logic_hash = "b06d902528fee5d1718d0a2984af3314e92e1ec7033c7596f9fb0e51a20eb848" score = 75 
@@ -308789,8 +309237,8 @@ rule SIGNATURE_BASE_HKTL_Moorer_Port_Scanner date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L204-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L204-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "376304acdd0b0251c8b19fea20bb6f5b" logic_hash = "248f437964fc6f7836f6b4c87e1f35bb1bac25a1a484cdf1a4065e7efb823b51" score = 75 @@ -308815,8 +309263,8 @@ rule SIGNATURE_BASE_Netbios_Name_Scanner date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L219-L231" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L219-L231" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "888ba1d391e14c0a9c829f5a1964ca2c" logic_hash = "19b40a283b74317fece2f5be0ee3e38227d9631eebbc7efb0ea19056b52630f1" score = 75 
@@ -308840,8 +309288,8 @@ rule SIGNATURE_BASE_Felikspack3___Scanners_Ipscan date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L233-L245" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L233-L245" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6c1bcf0b1297689c8c4c12cc70996a75" logic_hash = "8da10a4536ecea889f29bb3f098518580629bf48eda88db7adfc5f61738ede25" score = 75 @@ -308865,8 +309313,8 @@ rule SIGNATURE_BASE_Cgisscan_Cgiscan date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L247-L259" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L247-L259" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "338820e4e8e7c943074d5a5bc832458a" logic_hash = "5bd856a77c53616cf78d093462f8b7ca5a5fb0924406a02941d86bdb015a1fbc" score = 75 
@@ -308890,8 +309338,8 @@ rule SIGNATURE_BASE_IP_Stealing_Utilities date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L261-L272" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L261-L272" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "65646e10fb15a2940a37c5ab9f59c7fc" logic_hash = "38958edeee6e140e11267cdd7899ad517799dbce33ac267d51dea0f8aecfa1ee" score = 75 @@ -308914,8 +309362,8 @@ rule SIGNATURE_BASE_Superscan4 date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L274-L287" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L274-L287" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "78f76428ede30e555044b83c47bc86f0" logic_hash = "7f76c59e85efac5c150f783606e2a9bdc8724c6afd9f9c6405d63f7467c72752" score = 75 
@@ -308939,8 +309387,8 @@ rule SIGNATURE_BASE_Portracer date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L288-L300" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L288-L300" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2834a872a0a8da5b1be5db65dfdef388" logic_hash = "f6ad85a8970b10e25becca76e17bff30cbc787ed45f331af4ecf9563ff11b65d" score = 75 @@ -308964,8 +309412,8 @@ rule SIGNATURE_BASE_Scanarator date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L302-L312" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L302-L312" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "848bd5a518e0b6c05bd29aceb8536c46" logic_hash = "9400435470c26245cd814e1e39f275eb22566d66d1a72d4f3e618a6ad11bc8d9" score = 75 
@@ -308987,8 +309435,8 @@ rule SIGNATURE_BASE_Aolipsniffer date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L314-L332" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L314-L332" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "51565754ea43d2d57b712d9f0a3e62b8" logic_hash = "e627b8ea85e4325714c98e93ad6147adfa600af548a80dce8548b7f5743733b5" score = 75 @@ -309018,8 +309466,8 @@ rule SIGNATURE_BASE__Bitchin_Threads_ date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L334-L345" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L334-L345" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7491b138c1ee5a0d9d141fbfd1f0071b" logic_hash = "f43fec37d9dc668b562838465e5696e502c638b207e7af6a77fac5a8b00e92a8" score = 75 
@@ -309042,8 +309490,8 @@ rule SIGNATURE_BASE_Cgis4_Cgis4 date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L347-L362" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L347-L362" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d658dad1cd759d7f7d67da010e47ca23" logic_hash = "2cf3fc6447323cbefe5f5ad02271eeb4c271bb9784d2c29030858542a43fbb04" score = 75 @@ -309070,8 +309518,8 @@ rule SIGNATURE_BASE_Portscan date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L364-L375" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L364-L375" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a8bfdb2a925e89a281956b1e3bb32348" logic_hash = "d93b54ffc7416b5354304daf156908f11d7e320a91bd936e397a15ede63caae3" score = 75 
@@ -309094,8 +309542,8 @@ rule SIGNATURE_BASE_Proport_Zip_Folder_Proport date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L377-L394" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L377-L394" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c1937a86939d4d12d10fc44b7ab9ab27" logic_hash = "0ee2ffc5ed243d170b8013b3a164a3719f43bd473f4af7e1a2697d88a298fe9f" score = 75 @@ -309124,8 +309572,8 @@ rule SIGNATURE_BASE_Stealthwasp_S_Basic_Portscanner_V1_2 date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L396-L407" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L396-L407" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7c0f2cab134534cd35964fe4c6a1ff00" logic_hash = "b01c165b5e5be3ba6905e8bc44a14c3d7195effd058e4c0c31678777d19db8b5" score = 75 
@@ -309148,8 +309596,8 @@ rule SIGNATURE_BASE_Bluesportscan date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L409-L420" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L409-L420" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6292f5fc737511f91af5e35643fc9eef" logic_hash = "5cb4e4b87eaf166c85d23114f5abc10ef83b4a29968bf6fef4b3fce7ff2787fd" score = 75 @@ -309172,8 +309620,8 @@ rule SIGNATURE_BASE_Scanarator_Iis date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L422-L433" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L422-L433" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3a8fc02c62c8dd65e038cc03e5451b6e" logic_hash = "092cb902e10624b207b7932e6b3c1fe2277ed1d183e5de9ee4d07d8548e90ab6" score = 75 
@@ -309196,8 +309644,8 @@ rule SIGNATURE_BASE_Stealth_Stealth date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L435-L446" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L435-L446" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8ce3a386ce0eae10fc2ce0177bbc8ffa" logic_hash = "e210b1a553549c22f66511dfc9d0d3f5b17f02981b9e9915827bc909f34b3262" score = 75 @@ -309220,8 +309668,8 @@ rule SIGNATURE_BASE_Angry_IP_Scanner_V2_08_Ipscan date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L448-L460" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L448-L460" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "70cf2c09776a29c3e837cb79d291514a" logic_hash = "1b50856ad35c146a684298a86f1629c45996ab08ffae8486a388805262ec2367" score = 75 
@@ -309245,8 +309693,8 @@ rule SIGNATURE_BASE_Crack_Loader date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L462-L473" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L462-L473" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f4f79358a6c600c1f0ba1f7e4879a16d" logic_hash = "3380ace7c34c15dfd9a9625c8c4a1ed7e35c1cf3c2eca9b1e00dd0092d256150" score = 75 @@ -309269,8 +309717,8 @@ rule SIGNATURE_BASE_CN_GUI_Scanner date = "2014-04-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L475-L492" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L475-L492" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3c67bbb1911cdaef5e675c56145e1112" logic_hash = "f9281277ad7058527699d1f5037bb78be1363c90f38e2e399592c58f0b313bd7" score = 65 
@@ -309297,8 +309745,8 @@ rule SIGNATURE_BASE_CN_Packed_Scanner : FILE date = "2014-06-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L494-L510" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L494-L510" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6323b51c116a77e3fba98f7bb7ff4ac6" logic_hash = "0d9178ec65029e4ce8d4c3cc28ebd041c612f3a48f095b60c7a4515de03cccf4" score = 40 @@ -309324,8 +309772,8 @@ rule SIGNATURE_BASE_Tiny_Network_Tool_Generic : FILE date = "2014-08-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L512-L545" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L512-L545" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "efd04ee3a7bb120cdff00369e1856dd03ec9db84e1fb3196bf5e1a8ebd302802" score = 40 quality = 85 
@@ -309364,8 +309812,8 @@ rule SIGNATURE_BASE_Beastdoor_Backdoor date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L547-L567" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L547-L567" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5ab10dda548cb821d7c15ebcd0a9f1ec6ef1a14abcc8ad4056944d060c49535a" logic_hash = "35aa5d66c0fd4bf1995fc23a68283e8a28f31b5a1e1f3b742dd0ab89c48bf403" score = 55 @@ -309396,8 +309844,8 @@ rule SIGNATURE_BASE_Powershell_Netcat date = "2014-10-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L569-L583" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L569-L583" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ff9d7c3e83fd27620559306c07556ce7afd1ba7a5db5f5c21ad0841d58b85014" score = 60 quality = 85 
@@ -309421,8 +309869,8 @@ rule SIGNATURE_BASE_Chinese_Hacktool_1014 date = "2014-10-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L585-L602" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L585-L602" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "98c07a62f7f0842bcdbf941170f34990" logic_hash = "ffb1f653fd536a46dae4bf2c91c3c0582b703b8f0d33838b9736083e307a8e79" score = 60 @@ -309449,8 +309897,8 @@ rule SIGNATURE_BASE_CN_Hacktool_BAT_Portsopen date = "2014-12-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L604-L618" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L604-L618" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e5bc7b3264d7fc63fcc6c3d7e45859eb83b8ce60bd9a918f5eff887f626d09a3" score = 60 quality = 85 
@@ -309474,8 +309922,8 @@ rule SIGNATURE_BASE_CN_Hacktool_Ssport_Portscanner date = "2014-12-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L620-L634" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L620-L634" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "30c380b6c683cbcbef7072e793d94e1782206b844fa23d334b737818f0a32f9f" score = 70 quality = 85 @@ -309499,8 +309947,8 @@ rule SIGNATURE_BASE_CN_Hacktool_Scanport_Portscanner date = "2014-12-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L636-L650" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L636-L650" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa2dce57cc3e9baecb80b0165dfeb1af1ba4c4b30098e3b1252eb98b4fc30f7f" score = 70 quality = 60 
@@ -309524,8 +309972,8 @@ rule SIGNATURE_BASE_CN_Hacktool_S_EXE_Portscanner date = "2014-12-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L652-L666" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L652-L666" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "658ae90f3af3c7abec6e692b6be350939ba7b654a9972d1a1016ff33e815a1de" score = 70 quality = 85 @@ -309549,8 +309997,8 @@ rule SIGNATURE_BASE_CN_Hacktool_Milkt_BAT date = "2014-12-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L668-L681" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L668-L681" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ad74c45db0ef52223eb4dd162a21c57074a4ecb869a841d836d14afc997a7478" score = 70 quality = 85 
@@ -309573,8 +310021,8 @@ rule SIGNATURE_BASE_CN_Hacktool_Milkt_Scanner date = "2014-12-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L683-L701" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L683-L701" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "707cbd625b5694b710d01622a053e60828da7f70b38e43012d04364137583fe9" score = 60 quality = 85 @@ -309602,8 +310050,8 @@ rule SIGNATURE_BASE_CN_Hacktool_1433_Scanner : FILE date = "2014-12-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L703-L720" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L703-L720" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3e51e3596fc90bcea46236728da5437a9b6f56a42d64a651940321f575b32129" score = 40 quality = 85 
@@ -309630,8 +310078,8 @@ rule SIGNATURE_BASE_CN_Hacktool_1433_Scanner_Comp2 : FILE date = "2014-12-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L722-L736" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L722-L736" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7c84d59a821531d9e741a05a23a911bb1caa825a18bb6532381e5ff38193c260" score = 40 quality = 85 @@ -309655,8 +310103,8 @@ rule SIGNATURE_BASE_WCE_Modified_1_1014 date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L738-L752" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L738-L752" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "09a412ac3c85cedce2642a19e99d8f903a2e0354" logic_hash = "f094d635aabea9b9101fad3d0d23ad37692317ae5b4f636296ee612752c4421f" score = 70 
@@ -309681,8 +310129,8 @@ rule SIGNATURE_BASE_Ikat_Wmi_Rundll : FILE date = "2014-05-11" modified = "2025-04-14" reference = "http://ikat.ha.cked.net/Windows/functions/ikatfiles.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L773-L794" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L773-L794" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "97c4d4e6a644eed5aa12437805e39213e494d120" logic_hash = "b857e17c790a97468ae69c8cbec6474ee38bea25bb04520516a2603996d4bd41" score = 65 @@ -309712,8 +310160,8 @@ rule SIGNATURE_BASE_Ikat_Revelations date = "2014-05-11" modified = "2025-04-14" reference = "http://ikat.ha.cked.net/Windows/functions/ikatfiles.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L796-L813" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L796-L813" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c4e217a8f2a2433297961561c5926cbd522f7996" logic_hash = "0f3aa9e784beb7de8b560ecde8cc06d49e07f5e4ea4acb233ec9ac007179d7a3" score = 75 
@@ -309739,8 +310187,8 @@ rule SIGNATURE_BASE_Ikat_Priv_Esc_Tasksch date = "2014-05-11" modified = "2025-04-14" reference = "http://ikat.ha.cked.net/Windows/functions/ikatfiles.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L815-L841" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L815-L841" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "84ab94bff7abf10ffe4446ff280f071f9702cf8b" logic_hash = "6d0f755a758aaac4328f5f4343b424c03c2751ddad6a1dbe7c0332171c027945" score = 75 @@ -309775,8 +310223,8 @@ rule SIGNATURE_BASE_Ikat_Command_Lines_Agent date = "2014-05-11" modified = "2025-04-14" reference = "http://ikat.ha.cked.net/Windows/functions/ikatfiles.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L843-L864" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L843-L864" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c802ee1e49c0eae2a3fc22d2e82589d857f96d94" logic_hash = "a39f8e388aa11c732156753f4a19aa9cc3ccd0437de30cdcc608926320a089b0" score = 75 
@@ -309806,8 +310254,8 @@ rule SIGNATURE_BASE_Ikat_Cmd_As_Dll date = "2014-05-11" modified = "2025-04-14" reference = "http://ikat.ha.cked.net/Windows/functions/ikatfiles.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L866-L884" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L866-L884" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b5d0ba941efbc3b5c97fe70f70c14b2050b8336a" logic_hash = "3f8390fb6eb16749e63379222a5899b811e7ccd6b3b219b60d7a621fd4595e7b" score = 65 @@ -309833,8 +310281,8 @@ rule SIGNATURE_BASE_Ikat_Tools_Nmap date = "2014-05-11" modified = "2025-04-14" reference = "http://ikat.ha.cked.net/Windows/functions/ikatfiles.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L886-L903" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L886-L903" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d0543f365df61e6ebb5e345943577cc40fca8682" logic_hash = "f538d807ed4904a2c321385a095a97bc0d718349f7eb31a367e521228412cef2" score = 50 
@@ -309860,8 +310308,8 @@ rule SIGNATURE_BASE_Ikat_Startbar date = "2014-05-11" modified = "2025-04-14" reference = "http://ikat.ha.cked.net/Windows/functions/ikatfiles.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L905-L925" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L905-L925" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0cac59b80b5427a8780168e1b85c540efffaf74f" logic_hash = "adb29d4903a771b0dab9dee8313878757ff12fc014da86291e32eb3ec60bf551" score = 50 @@ -309890,8 +310338,8 @@ rule SIGNATURE_BASE_Ikat_Tool_Generic date = "2014-05-11" modified = "2025-04-14" reference = "http://ikat.ha.cked.net/Windows/functions/ikatfiles.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L927-L953" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L927-L953" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5c5aa2d7d82d4b65541c5b6bcae6260fdaed0030493ed689363722cd78fd0a26" score = 55 quality = 85 
@@ -309926,8 +310374,8 @@ rule SIGNATURE_BASE_Bypassuac2 date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L955-L967" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L955-L967" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ef3e7dd2d1384ecec1a37254303959a43695df61" logic_hash = "398783fa0453a60fd1c6aa64eacfbfa7c5385e81c79d1b6a8a8386dae9b825cc" score = 75 @@ -309951,8 +310399,8 @@ rule SIGNATURE_BASE_Bypassuac_3 date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L969-L982" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L969-L982" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1974aacd0ed987119999735cad8413031115ce35" logic_hash = "cf3183ff4562f2962f87bc594c1710c73c113fa1d49fa56f7a3ff391ba4b9003" score = 75 
@@ -309977,8 +310425,8 @@ rule SIGNATURE_BASE_Bypassuacdll_6 date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1000-L1011" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1000-L1011" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d7b24b6870cb7f1ec4807d2f77dd984077e531" logic_hash = "3cb89875ddf79a3709aeb58149e228e03b9fb43fa1565aab5ece743857b4cc71" score = 75 @@ -310001,8 +310449,8 @@ rule SIGNATURE_BASE_Bypassuac_EXE date = "2025-04-14" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1013-L1027" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1013-L1027" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d7b24b6870cb7f1ec4807d2f77dd984077e531" logic_hash = "0283efd6866ed9417f2d255715f04c0ed6d7a89befce6a3a52c22ac06593c0bd" score = 75 
@@ -310028,8 +310476,8 @@ rule SIGNATURE_BASE_APT_Proxy_Malware_Packed_Dev date = "2014-11-10" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1029-L1044" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1029-L1044" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6b6a86ceeab64a6cb273debfa82aec58" logic_hash = "64b15aaf93b40744b887c75fa26f4996d72045a55ac82ab4de89a0d9a3714684" score = 50 @@ -310053,8 +310501,8 @@ rule SIGNATURE_BASE_Tzddos_Ddos_Tool_CN date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1046-L1065" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1046-L1065" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d4c517eda5458247edae59309453e0ae7d812f8e" logic_hash = "fed09a8586f9b573e46871efa71082f4573d2bd069fde9cc2928b267d0025bab" score = 60 
@@ -310083,8 +310531,8 @@ rule SIGNATURE_BASE_Ncat_Hacktools_CN date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1067-L1085" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1067-L1085" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "001c0c01c96fa56216159f83f6f298755366e528" logic_hash = "0e059e90447747ed5259da4a870036d37d181c1cfea734ab25e760e81612f0f3" score = 60 @@ -310112,8 +310560,8 @@ rule SIGNATURE_BASE_MS08_067_Exploit_Hacktools_CN date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1087-L1106" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1087-L1106" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a3e9e0655447494253a1a60dbc763d9661181322" logic_hash = "e5756250de401324d0c86f855bc088c8364e4a632cece25e553939fa621b73d8" score = 60 
@@ -310142,8 +310590,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Burst_Sql date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1108-L1129" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1108-L1129" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d5139b865e99b7a276af7ae11b14096adb928245" logic_hash = "139f7308055351d9dc8a704c055360ac9408dcefc9eee4b9f222886fb5249b8c" score = 60 @@ -310174,8 +310622,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Panda_445TOOL date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1131-L1147" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1131-L1147" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "92050ba43029f914696289598cf3b18e34457a11" logic_hash = "69a17bf7735eea946a5326d9535e68b8f010f2a0229875970b1bb15029c6dc4e" score = 60 
@@ -310201,8 +310649,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Panda_445 date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1149-L1169" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1149-L1169" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a61316578bcbde66f39d88e7fc113c134b5b966b" logic_hash = "d3f5b2c601dfa1702bbd1f8bdc1f847dd34ba84a6c527a3e02cdb76075e4ad2c" score = 60 @@ -310232,8 +310680,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Wineggdrop date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1171-L1194" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1171-L1194" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7665011742ce01f57e8dc0a85d35ec556035145d" logic_hash = "6123a07038e30e11e37a70b912a1c854c13341e67eaf4ed14ca9954288a42d62" score = 60 
@@ -310266,8 +310714,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Scan_BAT date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1196-L1214" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1196-L1214" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6517d7c245f1300e42f7354b0fe5d9666e5ce52a" logic_hash = "eed941d2ad5d33d7224504b08d2104d4043fab7a2ff027fc54cd1afd42e32549" score = 60 @@ -310295,8 +310743,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Panda_Burst date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1216-L1229" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1216-L1229" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ce8e3d95f89fb887d284015ff2953dbdb1f16776" logic_hash = "c334019cab377f4d96f5daee6a2f1fa7e24ecc43b3aee1eb76537640fdfd8a97" score = 60 
@@ -310319,8 +310767,8 @@ rule SIGNATURE_BASE_Hacktools_CN_445_Cmd : FILE date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1231-L1246" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1231-L1246" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "69b105a3aec3234819868c1a913772c40c6b727a" logic_hash = "e0ab572fe9009ddc39f34302d8a16531c23f51ce4ea373d57a039f22ccc934c7" score = 60 @@ -310345,8 +310793,8 @@ rule SIGNATURE_BASE_Hacktools_CN_GOGOGO_Bat date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1248-L1273" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1248-L1273" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4bd4f5b070acf7fe70460d7eefb3623366074bbd" logic_hash = "0209ffba87ff07379c768c1c00496a37f0f9bc6b786a31afdafe55d65a9f39ab" score = 60 
@@ -310381,8 +310829,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Burst_Pass date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1275-L1298" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1275-L1298" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "55a05cf93dbd274355d798534be471dff26803f9" logic_hash = "3a30cc602a66bd87304756311d56e7c698c1edb0b4b209198c589c4792776992" score = 60 @@ -310415,8 +310863,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Johor_Posts_Killer date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1300-L1321" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1300-L1321" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d157f9a76f9d72dba020887d7b861a05f2e56b6a" logic_hash = "2fc63cd42619a2b92ab8670b14ab4c01eb3b194cd337d329ba224b7088d26318" score = 60 
@@ -310447,8 +310895,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Panda_Tesksd date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1323-L1338" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1323-L1338" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "922147b3e1e6cf1f5dd5f64a4e34d28bdc9128cb" logic_hash = "dc81acef0ad3e6307f68ee755e5b27f2dcf1e2822e560a72dc5ae572703f4459" score = 60 @@ -310473,8 +310921,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Http : FILE date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1340-L1356" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1340-L1356" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "788bf0fdb2f15e0c628da7056b4e7b1a66340338" logic_hash = "690b41bdf856e0d4d90b4a42524134302e9649018fdd495c359582aa6121a017" score = 60 
@@ -310500,8 +310948,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Burst_Start date = "2014-11-17" modified = "2023-01-27" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1358-L1380" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1358-L1380" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "75d194d53ccc37a68286d246f2a84af6b070e30c" logic_hash = "b435957150da7b790809d2cf90a01c967127c183ddcbf333beda1a7c599b69a5" score = 60 @@ -310532,8 +310980,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Panda_Tasksvr date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1382-L1397" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1382-L1397" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a73fc74086c8bb583b1e3dcfd326e7a383007dc0" logic_hash = "183708e525ec6676662b59a2a3c79f5113a80f2d5b3bd4713c74a536fe303b2d" score = 60 
@@ -310558,8 +311006,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Burst_Clear date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1398-L1419" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1398-L1419" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "148c574a4e6e661aeadaf3a4c9eafa92a00b68e4" logic_hash = "d10ed2c6ea3f1a8b289529cc90f50f84288003576aced903f48db3c2abc4722d" score = 60 @@ -310590,8 +311038,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Burst_Thecard date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1421-L1438" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1421-L1438" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "50b01ea0bfa5ded855b19b024d39a3d632bacb4c" logic_hash = "29e1fb2e0bfa60e5406f9fd1c0ec99f0fc1b416ffc4d59846627e40959a32c63" score = 60 
@@ -310618,8 +311066,8 @@ rule SIGNATURE_BASE_Hacktools_CN_Burst_Blast date = "2014-11-17" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1440-L1454" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1440-L1454" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b07702a381fa2eaee40b96ae2443918209674051" logic_hash = "77902c7b23bab80d035f1dbe074554f16f99b2c9e31c80171296a1d33f705dac" score = 60 @@ -310643,8 +311091,8 @@ rule SIGNATURE_BASE_Vubrute_Vubrute date = "2014-11-22" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1456-L1472" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1456-L1472" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "166fa8c5a0ebb216c832ab61bf8872da556576a7" logic_hash = "9dab03b70b249c0c481e3bc98c3196e83da93ea2723674d38baf32469392d52a" score = 70 
@@ -310670,8 +311118,8 @@ rule SIGNATURE_BASE_DK_Brute date = "2014-11-22" modified = "2025-04-14" reference = "http://goo.gl/xiIphp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1474-L1491" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1474-L1491" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "93b7c3a01c41baecfbe42461cb455265f33fbc3d" logic_hash = "a48ba3513c9c99066e9dda02859089e9e1db15e7bd52443795771609f011c94a" score = 70 @@ -310697,8 +311145,8 @@ rule SIGNATURE_BASE_Vubrute_Config date = "2014-11-22" modified = "2025-04-14" reference = "http://goo.gl/xiIphp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1493-L1513" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1493-L1513" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b9f66b9265d2370dab887604921167c11f7d93e9" logic_hash = "b4c54d5ecb269c7310b5bd2a9e8fe5d6c75503f8cb1f25679399e25185d9cb51" score = 70 
@@ -310727,8 +311175,8 @@ rule SIGNATURE_BASE_Sig_238_Hunt date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1515-L1534" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1515-L1534" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f9f059380d95c7f8d26152b1cb361d93492077ca" logic_hash = "66d22c4dc2864d61bd485d6840887905f020fce8e19bb976ec09acaa6ed0387c" score = 60 @@ -310757,8 +311205,8 @@ rule SIGNATURE_BASE_Sig_238_Listip date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1536-L1554" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1536-L1554" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f32a0c5bf787c10eb494eb3b83d0c7a035e7172b" logic_hash = "db5cc21e8c76fdd10953ba0f06c4a1ad319ee522d9def7777dad66612b51edfc" score = 60 
@@ -310786,8 +311234,8 @@ rule SIGNATURE_BASE_Arttrayhookdll date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1556-L1570" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1556-L1570" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4867214a3d96095d14aa8575f0adbb81a9381e6c" logic_hash = "e43cefdb11df870f4732e74782ecefb94c0a4850c4aa994e4fbc940f523d2434" score = 60 @@ -310811,8 +311259,8 @@ rule SIGNATURE_BASE_Sig_238_Eee date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1572-L1591" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1572-L1591" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "236916ce2980c359ff1d5001af6dacb99227d9cb" logic_hash = "b12c11f46125a33a2d7d9d02f25762c07b9d5088f70887c000b29e82a7921399" score = 60 
@@ -310841,8 +311289,8 @@ rule SIGNATURE_BASE_Aspbackdoor_Asp4 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1593-L1613" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1593-L1613" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "faf991664fd82a8755feb65334e5130f791baa8c" logic_hash = "dab19a2b92bbfe17cb860981d7bd5c3f3dd1a9e7c2ac5093fc4117f9205c1c27" score = 60 @@ -310872,8 +311320,8 @@ rule SIGNATURE_BASE_Aspfile1 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1615-L1633" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1615-L1633" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "77b1e3a6e8f67bd6d16b7ace73dca383725ac0af" logic_hash = "4968e44f807f8ffface65e21fd8684ccfaee281b4da10f5110482c3f26ccac26" score = 60 
@@ -310901,8 +311349,8 @@ rule SIGNATURE_BASE_Editserver date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1635-L1657" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1635-L1657" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "87b29c9121cac6ae780237f7e04ee3bc1a9777d3" logic_hash = "6a8f6fcf8f4a0ea5ac114150d7becbd716be0bb40cd45fd5c76a4a8a328e5e40" score = 60 @@ -310933,8 +311381,8 @@ rule SIGNATURE_BASE_Sig_238_Letmein date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1659-L1675" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1659-L1675" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "74d223a56f97b223a640e4139bb9b94d8faa895d" logic_hash = "6cf454d11bc806b3a30c52b730994adb8d92613c92849162717f415e5681e417" score = 60 
@@ -310960,8 +311408,8 @@ rule SIGNATURE_BASE_Sig_238_Token date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1677-L1694" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1677-L1694" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c52bc6543d4281aa75a3e6e2da33cfb4b7c34b14" logic_hash = "88d7086a48c6a2e3801db75565184b087e663e80e2364765072fc37a5549b8b5" score = 60 @@ -310988,8 +311436,8 @@ rule SIGNATURE_BASE_Sig_238_TELNET date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1696-L1712" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1696-L1712" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "50d02d77dc6cc4dc2674f90762a2622e861d79b1" logic_hash = "4e90d95b7c94933ed5c50f060840291540fc99de0173298b97d2c6ccbf75d26a" score = 60 
@@ -311015,8 +311463,8 @@ rule SIGNATURE_BASE_Snifferport date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1714-L1731" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1714-L1731" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d14133b5eaced9b7039048d0767c544419473144" logic_hash = "361f1a55ed4bd5a7a5d01d346c4efd1b83e701363484282235b5aab18d3abe1a" score = 60 @@ -311043,8 +311491,8 @@ rule SIGNATURE_BASE_Sig_238_Webget date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1733-L1749" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1733-L1749" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "36b5a5dee093aa846f906bbecf872a4e66989e42" logic_hash = "958c465caddf6436b29042f1f1772e039d011d23ff13d91818a9d7ad21a2c750" score = 60 
@@ -311070,8 +311518,8 @@ rule SIGNATURE_BASE_Xyzcmd_Zip_Folder_Xyzcmd date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1751-L1767" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1751-L1767" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bbea5a94950b0e8aab4a12ad80e09b630dd98115" logic_hash = "ad0e8f964c7be376236b50ea370de3e433fa9e7b043663d8f32fad06997056ea" score = 60 @@ -311097,8 +311545,8 @@ rule SIGNATURE_BASE_Aspack_Chinese date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1769-L1786" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1769-L1786" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "02a9394bc2ec385876c4b4f61d72471ac8251a8e" logic_hash = "98b3af76986cd41190612a2fdfbd9ba48f102456897f4acaedd89a40ab5a582a" score = 60 
@@ -311125,8 +311573,8 @@ rule SIGNATURE_BASE_Aspbackdoor_EDIR date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1788-L1805" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1788-L1805" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "03367ad891b1580cfc864e8a03850368cbf3e0bb" logic_hash = "be7d956333107a57a0fd86c69fc9eabcd3d9daf3f66385c44ba246fc2000dc4d" score = 60 @@ -311153,8 +311601,8 @@ rule SIGNATURE_BASE_Bypassfirewall_Zip_Folder_Ie date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1807-L1823" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1807-L1823" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d1b9058f16399e182c9b78314ad18b975d882131" logic_hash = "844e260870f075b0afae0667691e61ab8f138a29871f9a18d1f2b623f9bb9e2a" score = 60 
@@ -311180,8 +311628,8 @@ rule SIGNATURE_BASE_Editkeylogreadme date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1825-L1843" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1825-L1843" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dfa90540b0e58346f4b6ea12e30c1404e15fbe5a" logic_hash = "a58a2336e7d714a2e7f60eec8dacbee9a7190552dd791d8b6eba084ffaf0904a" score = 60 @@ -311209,8 +311657,8 @@ rule SIGNATURE_BASE_Passsniffer_Zip_Folder_Readme date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1845-L1860" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1845-L1860" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a52545ae62ddb0ea52905cbb61d895a51bfe9bcd" logic_hash = "d9e6cd2ba7e98481664b0560184a07349bb471dd370c4b73ef5f5f05a8e89946" score = 60 
@@ -311235,8 +311683,8 @@ rule SIGNATURE_BASE_Sig_238_Gina date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1862-L1877" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1862-L1877" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "324acc52566baf4afdb0f3e4aaf76e42899e0cf6" logic_hash = "f0ece7406a31f5a4212da5c4144233c5c45b8120d09267fdf7e291d6c9827384" score = 60 @@ -311261,8 +311709,8 @@ rule SIGNATURE_BASE_Splitjoin date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1879-L1895" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1879-L1895" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e4a9ef5d417038c4c76b72b5a636769a98bd2f8c" logic_hash = "dede4518ed9be28e89bc67dab4e68503383c16746f088f37a4c8069e256183ca" score = 60 
@@ -311288,8 +311736,8 @@ rule SIGNATURE_BASE_Editkeylog date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1897-L1913" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1897-L1913" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a450c31f13c23426b24624f53873e4fc3777dc6b" logic_hash = "0efb173598117857c5bf7894f017d655653e843dd0a44439d1b10b7e5c59b248" score = 60 @@ -311315,8 +311763,8 @@ rule SIGNATURE_BASE_Passsniffer date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1915-L1933" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1915-L1933" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dcce4c577728e8edf7ed38ac6ef6a1e68afb2c9f" logic_hash = "771b45473c48618c43c6be84dd37b2ccb23643f1674d437763cb78ce560067c0" score = 60 
@@ -311344,8 +311792,8 @@ rule SIGNATURE_BASE_Aspfile2 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1935-L1951" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1935-L1951" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "14efbc6cb01b809ad75a535d32b9da4df517ff29" logic_hash = "0fd52e646751b14840f30100382c5171fd001c05110dccb4ac87be9b2c4b6131" score = 60 @@ -311371,8 +311819,8 @@ rule SIGNATURE_BASE_Unpack_Rar_Folder_Injectt date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1953-L1976" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1953-L1976" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "80f39e77d4a34ecc6621ae0f4d5be7563ab27ea6" logic_hash = "f9d682a9438f49cf8292c33e680537d8c2137b8cba2670430b92d0a620de85b9" score = 60 
@@ -311404,8 +311852,8 @@ rule SIGNATURE_BASE_Jc_Wineggdrop_Shell date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1978-L1997" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1978-L1997" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "820674b59f32f2cf72df50ba4411d7132d863ad2" logic_hash = "af43980b4052cef56884e9d6bdbb12919f1a86420a3f189e30fba624ab37a420" score = 60 @@ -311434,8 +311882,8 @@ rule SIGNATURE_BASE_Aspbackdoor_Asp1 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L1999-L2017" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L1999-L2017" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9ef9f34392a673c64525fcd56449a9fb1d1f3c50" logic_hash = "7ce1911d7524e9961f907f863b3966817bcad7a571c933dac6a76e1d8a1eeaf8" score = 60 
@@ -311463,8 +311911,8 @@ rule SIGNATURE_BASE_QQ_Zip_Folder_QQ date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2019-L2039" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2019-L2039" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9f8e3f40f1ac8c1fa15a6621b49413d815f46cfb" logic_hash = "d2517c3646b9a3babfa767c5c57b4b576fda471c190ab66e1054c4de359713ad" score = 60 @@ -311494,8 +311942,8 @@ rule SIGNATURE_BASE_Unpack_Rar_Folder_Tback date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2041-L2069" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2041-L2069" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "30fc9b00c093cec54fcbd753f96d0ca9e1b2660f" logic_hash = "89f978742ab952b727a9a8dbab0cd88cfc07440e8c4f974dcfa14ed630083761" score = 60 
@@ -311533,8 +311981,8 @@ rule SIGNATURE_BASE_Sig_238_Cmd_2 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2071-L2088" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2071-L2088" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "be4073188879dacc6665b6532b03db9f87cfc2bb" logic_hash = "a794d6b60194a190bd8d549ad00cf90649a52d831fdc7539c68a1f6312609bc2" score = 60 @@ -311561,8 +312009,8 @@ rule SIGNATURE_BASE_Rangescan date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2090-L2107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2090-L2107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bace2c65ea67ac4725cb24aa9aee7c2bec6465d7" logic_hash = "f334a59c2d95505807df642a8d5605b1b7d8b3385a552e8f5a37f344d7a75412" score = 60 
@@ -311589,8 +312037,8 @@ rule SIGNATURE_BASE_Xyzcmd_Zip_Folder_Readme date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2109-L2123" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2109-L2123" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "967cb87090acd000d22e337b8ce4d9bdb7c17f70" logic_hash = "38d69eee78ff8fa2ad064871481bd1b8a926146922952c7e199d27c809d0c980" score = 60 @@ -311614,8 +312062,8 @@ rule SIGNATURE_BASE_Bypassfirewall_Zip_Folder_Inject date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2125-L2140" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2125-L2140" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "34f564301da528ce2b3e5907fd4b1acb7cb70728" logic_hash = "6350e11097bc2bb8fb0fbecf6be463aeaf39ad4169d2dd06a57577bf02b515f8" score = 60 
@@ -311640,8 +312088,8 @@ rule SIGNATURE_BASE_Sig_238_Sqlcmd date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2142-L2161" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2142-L2161" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b6e356ce6ca5b3c932fa6028d206b1085a2e1a9a" logic_hash = "1e41c38da7552d6a25c918547a39ed07ec38a537fd04e2090d1199c4fb0e3b1e" score = 40 @@ -311670,8 +312118,8 @@ rule SIGNATURE_BASE_Aspack_ASPACK date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2163-L2178" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2163-L2178" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c589e6fd48cfca99d6335e720f516e163f6f3f42" logic_hash = "1c7abc0a126ee8c8b20e55ad85974067f1a230efc5f95a1a1e732025e39d5bab" score = 60 
@@ -311696,8 +312144,8 @@ rule SIGNATURE_BASE_Sig_238_2323 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2180-L2198" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2180-L2198" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "21812186a9e92ee7ddc6e91e4ec42991f0143763" logic_hash = "1278c53f64a0ba7f3f6a728237eac6808b260ad36551923276bfba9b36586870" score = 60 @@ -311725,8 +312173,8 @@ rule SIGNATURE_BASE_Jc_ALL_Wineggdropshell_Rar_Folder_Install_2 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2200-L2218" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2200-L2218" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "95866e917f699ee74d4735300568640ea1a05afd" logic_hash = "9c12e8491918a656e37b4ee6c3a42ec970cb6cf101ca5fe3fdfe9eab16526219" score = 60 
@@ -311754,8 +312202,8 @@ rule SIGNATURE_BASE_Sig_238_TFTPD32 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2220-L2241" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2220-L2241" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5c5f8c1a2fa8c26f015e37db7505f7c9e0431fe8" logic_hash = "cbf239330f8f1fd8be3ef3c93571c723447ca3b814fb7c1eff5ea4b2e7f5364f" score = 60 @@ -311786,8 +312234,8 @@ rule SIGNATURE_BASE_Sig_238_Iecv date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2243-L2260" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2243-L2260" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6e6e75350a33f799039e7a024722cde463328b6d" logic_hash = "e2985d85030d88cb63eb8b80673812f85aea6e11c6aeb430387cdb8886958b6a" score = 60 
@@ -311814,8 +312262,8 @@ rule SIGNATURE_BASE_Antiy_Ports_1_21 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2262-L2277" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2262-L2277" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ebf4bcc7b6b1c42df6048d198cbe7e11cb4ae3f0" logic_hash = "fb175c413faf0ca33cf166029b217aac31126d6cabc81883c16b2de2ab00c16c" score = 60 @@ -311840,8 +312288,8 @@ rule SIGNATURE_BASE_Perlcmd_Zip_Folder_Cmd date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2279-L2299" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2279-L2299" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "21b5dc36e72be5aca5969e221abfbbdd54053dd8" logic_hash = "4391207d66b7ed5ac2db127d3efcf22f8c2bbd0ee1f0c6982d656b91e5e10c8f" score = 60 
@@ -311871,8 +312319,8 @@ rule SIGNATURE_BASE_Aspbackdoor_Asp3 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2301-L2321" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2301-L2321" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e5588665ca6d52259f7d9d0f13de6640c4e6439c" logic_hash = "c62ae1d32e93a8614a8288ce2df8e26806ab67b3b133067182f0396f0f080b78" score = 60 @@ -311902,8 +312350,8 @@ rule SIGNATURE_BASE_Sig_238_Fpipe date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2323-L2341" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2323-L2341" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "41d57d356098ff55fe0e1f0bcaa9317df5a2a45c" logic_hash = "ecf143c231aeb37cf9575c3ea8db83c9a049e85a7c95668deeac0878f9c30b9c" score = 60 
@@ -311931,8 +312379,8 @@ rule SIGNATURE_BASE_Sig_238_Concon date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2343-L2356" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2343-L2356" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "816b69eae66ba2dfe08a37fff077e79d02b95cc1" logic_hash = "c45955cc59970657f8787ddc0e549939d2fa30d11cfd19fd12cd9067abb3bcd6" score = 60 @@ -311955,8 +312403,8 @@ rule SIGNATURE_BASE_Aspbackdoor_Regdll date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2358-L2374" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2358-L2374" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5c5e16a00bcb1437bfe519b707e0f5c5f63a488d" logic_hash = "89606ccf4341ba9451fd1bfbc818bbcd55d45d50e06f09b9f1ecd8efb3c322af" score = 60 
@@ -311982,8 +312430,8 @@ rule SIGNATURE_BASE_Cleaniislog date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2376-L2397" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2376-L2397" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "827cd898bfe8aa7e9aaefbe949d26298f9e24094" logic_hash = "77a26e57b36f73d4d2730bc3a4d8485718119e2ccc80b40de3515ec688616eb9" score = 60 @@ -312014,8 +312462,8 @@ rule SIGNATURE_BASE_Sqlcheck date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2399-L2416" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2399-L2416" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5a5778ac200078b627db84fdc35bf5bcee232dc7" logic_hash = "e9c1d7cabe7236e059f4bfec917ca00c47a3db955746ebfcda0f5e733de359c7" score = 60 
@@ -312042,8 +312490,8 @@ rule SIGNATURE_BASE_Sig_238_Runasex date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2418-L2436" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2418-L2436" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a22fa4e38d4bf82041d67b4ac5a6c655b2e98d35" logic_hash = "dac03251539028da02c9f26f20ca751ee577c125fb4f287c61ac2ea6afb1bb28" score = 60 @@ -312071,8 +312519,8 @@ rule SIGNATURE_BASE_Sig_238_Nbtdump date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2438-L2457" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2438-L2457" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cfe82aad5fc4d79cf3f551b9b12eaf9889ebafd8" logic_hash = "fd17851820b5036b4cc1ebb6f927bb62c898027a17b5376e9420cbfa6a166ef2" score = 60 
@@ -312101,8 +312549,8 @@ rule SIGNATURE_BASE_Sig_238_Glass2K date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2459-L2476" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2459-L2476" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b05455a1ecc6bc7fc8ddef312a670f2013704f1a" logic_hash = "d9b6b904028d67804d095f85caea5796f528f866191d3b4250055a75511f2090" score = 60 @@ -312129,8 +312577,8 @@ rule SIGNATURE_BASE_Splitjoin_V1_3_3_Rar_Folder_3 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2478-L2493" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2478-L2493" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "21409117b536664a913dcd159d6f4d8758f43435" logic_hash = "79eb49413cd6919e4b91e916d2612e007fd2c4da7244d9e1e3dd04d46c461d8c" score = 60 
@@ -312155,8 +312603,8 @@ rule SIGNATURE_BASE_Aspbackdoor_EDIT date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2495-L2514" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2495-L2514" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "12196cf62931cde7b6cb979c07bb5cc6a7535cbb" logic_hash = "0f97c831eb9f257a2a6c9a677dde2ce17d529584fb7085bc94edd83d886e469f" score = 60 @@ -312185,8 +312633,8 @@ rule SIGNATURE_BASE_Aspbackdoor_Entice date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2516-L2533" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2516-L2533" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e273a1b9ef4a00ae4a5d435c3c9c99ee887cb183" logic_hash = "c11313351565d26d9b16a2d5c3c4589676593fe633c441a1c1a33b3c134a2d56" score = 60 
@@ -312213,8 +312661,8 @@ rule SIGNATURE_BASE_Fpipe2_0 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2535-L2553" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2535-L2553" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "891609db7a6787575641154e7aab7757e74d837b" logic_hash = "b28566315ddda7765dfee722f5ad02c1206c6916363d86407fdc61b53148f511" score = 60 @@ -312242,8 +312690,8 @@ rule SIGNATURE_BASE_Instgina date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2555-L2570" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2555-L2570" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5317fbc39508708534246ef4241e78da41a4f31c" logic_hash = "a55a13ced122b9901f0505d585e7a7c984d4231b3507282c1b15ff400ce51265" score = 60 
@@ -312268,8 +312716,8 @@ rule SIGNATURE_BASE_Arttray_Zip_Folder_Arttray date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2572-L2588" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2572-L2588" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ee1edc8c4458c71573b5f555d32043cbc600a120" logic_hash = "225be71bfd047331399162941edf06c72d2fd1afa04c78cbc51099665f50883b" score = 60 @@ -312295,8 +312743,8 @@ rule SIGNATURE_BASE_Sig_238_Findoor date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2590-L2607" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2590-L2607" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cdb1ececceade0ecdd4479ecf55b0cc1cf11cdce" logic_hash = "223f324ab6b61775d500dc248b9db8363ce915ec279a893a6f0ec92b273a27c0" score = 60 
@@ -312323,8 +312771,8 @@ rule SIGNATURE_BASE_Aspbackdoor_Ipclear date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2609-L2626" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2609-L2626" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9f8fdfde4b729516330eaeb9141fb2a7ff7d0098" logic_hash = "49fbe844a99aa8cae25db90e1d8cdeee13c81293bba7b3201afc4748cb0a6a7c" score = 60 @@ -312351,8 +312799,8 @@ rule SIGNATURE_BASE_Wineggdropshellfinal_Zip_Folder_Injectt date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2628-L2645" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2628-L2645" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "516e80e4a25660954de8c12313e2d7642bdb79dd" logic_hash = "01840f4df12fbf6f5f27a3050c841002678605cd373e9ea9b182b2026caa29f9" score = 60 
@@ -312379,8 +312827,8 @@ rule SIGNATURE_BASE_Gina_Zip_Folder_Gina date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2647-L2667" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2647-L2667" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e0429e1b59989cbab6646ba905ac312710f5ed30" logic_hash = "1344634346f9e7e3ef96c901705ac7bd4aa9a70cfbebf71c8222544e84ca9f98" score = 60 @@ -312410,8 +312858,8 @@ rule SIGNATURE_BASE_Superscan3_0 date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2669-L2690" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2669-L2690" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a9a02a14ea4e78af30b8b4a7e1c6ed500a36bc4d" logic_hash = "448d3af61062c53c5b148e58697537bd98316e6c6d4d9ed9e0ff36cbd5a0b4f5" score = 60 
@@ -312442,8 +312890,8 @@ rule SIGNATURE_BASE_Sig_238_Xsniff date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2692-L2713" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2692-L2713" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d61d7329ac74f66245a92c4505a327c85875c577" logic_hash = "90c08db197a00885ffc62967bd814479a438f500316cf65e81fcec617517dd9c" score = 60 @@ -312474,8 +312922,8 @@ rule SIGNATURE_BASE_Sig_238_Fscan date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2715-L2736" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2715-L2736" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d5646e86b5257f9c83ea23eca3d86de336224e55" logic_hash = "0af558345e8c85021fd4f8d399dacb3b6e8d9c692060c31a36e943fc48bfabff" score = 60 
@@ -312506,8 +312954,8 @@ rule SIGNATURE_BASE__Iissample_Nesscan_Twwwscan date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2738-L2764" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2738-L2764" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6088dd060507f4efa2f4c1770dc746100966e8a7475859918488d7be6c96bc31" score = 60 quality = 85 @@ -312543,8 +312991,8 @@ rule SIGNATURE_BASE__Fshttp_Fspop_Fssniffer date = "2014-11-23" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2766-L2792" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2766-L2792" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "50c91f1036ae467de51227b6782978c33607f94724d2e1b0af7c958028a84b48" score = 60 quality = 85 
@@ -312580,8 +313028,8 @@ rule SIGNATURE_BASE_Ammyy_Admin_AA_V3 date = "2014-12-22" modified = "2025-04-14" reference = "http://goo.gl/gkAg2E" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2794-L2818" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2794-L2818" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6ab1de9f3b58cdb2c03f2d72986772333f8b81c98e6cbfd941f20b2fed1c5ff2" score = 55 quality = 85 @@ -312613,8 +313061,8 @@ rule SIGNATURE_BASE_Linuxhacktool_Eyes_Scanssh date = "2015-01-19" modified = "2025-04-14" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2822-L2847" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2822-L2847" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "467398a6994e2c1a66a3d39859cde41f090623ad" logic_hash = "cb20c28f1767ce23f60c377943d8a129fa069b1a1407bbaf43370f0ff79ade30" score = 75 
@@ -312649,8 +313097,8 @@ rule SIGNATURE_BASE_Linuxhacktool_Eyes_Pscan2 date = "2015-01-19" modified = "2025-04-14" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2849-L2867" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2849-L2867" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "56b476cba702a4423a2d805a412cae8ef4330905" logic_hash = "3686ccbd53a6dcedf9b10d131a1fc76b51b265328ad10f63671b64d4bf57a0b6" score = 75 @@ -312678,8 +313126,8 @@ rule SIGNATURE_BASE_Linuxhacktool_Eyes_A date = "2015-01-19" modified = "2025-04-14" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2869-L2887" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2869-L2887" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "458ada1e37b90569b0b36afebba5ade337ea8695" logic_hash = "a246eb907fd6525c96c911acde6b513fca68248ef8d4f8fa64039791942950ab" score = 75 
@@ -312707,8 +313155,8 @@ rule SIGNATURE_BASE_Linuxhacktool_Eyes_Mass date = "2015-01-19" modified = "2025-04-14" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2889-L2906" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2889-L2906" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2054cb427daaca9e267b252307dad03830475f15" logic_hash = "5bf17d1a8ae78681d2c3cba8511019ddf85e6d7a242900b56848521eef40ffc6" score = 75 @@ -312735,8 +313183,8 @@ rule SIGNATURE_BASE_Linuxhacktool_Eyes_Pscan2_2 date = "2015-01-19" modified = "2025-04-14" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2908-L2925" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2908-L2925" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "eb024dfb441471af7520215807c34d105efa5fd8" logic_hash = "981514cf0887a1a7cb55fe9ed9dadd48adbf0f033e527b357e90e052a4c2d251" score = 75 
@@ -312763,8 +313211,8 @@ rule SIGNATURE_BASE_CN_Portscan : APT FILE date = "2013-11-29" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2927-L2941" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2927-L2941" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e1b745bd321527cee3eb203847d00c9eda4a7b1e498cb8f0ad6b588f87221759" score = 70 quality = 85 @@ -312787,8 +313235,8 @@ rule SIGNATURE_BASE_WMI_Vbs : APT date = "2013-11-29" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2943-L2957" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2943-L2957" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "94163981c1a80838d1bea1b21f713f1d8fbdac8704319d1a145f0b4f6d8ff3f6" score = 70 quality = 85 
@@ -312811,8 +313259,8 @@ rule SIGNATURE_BASE_CN_Toolset__Xscanlib_Xscanlib_Xscanlib date = "2015-03-30" modified = "2025-04-14" reference = "http://qiannao.com/ls/905300366/33834c0c/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2959-L2980" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2959-L2980" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f7f66f1f3ca05e60ac850fbb94c471f664d2dc8a60c09b18686c9f2937296697" score = 70 quality = 85 @@ -312842,8 +313290,8 @@ rule SIGNATURE_BASE_CN_Toolset_Ntscan_Pipecmd date = "2015-03-30" modified = "2025-04-14" reference = "http://qiannao.com/ls/905300366/33834c0c/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L2982-L3006" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L2982-L3006" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a931d65de66e1468fe2362f7f2e0ee546f225c4e" logic_hash = "2dab5a4de2abeff5659aa90fbc82bef359937ca9e45e8805b509baeb16943531" score = 70 
@@ -312876,8 +313324,8 @@ rule SIGNATURE_BASE_CN_Toolset_Lscanportss_2 date = "2015-03-30" modified = "2025-04-14" reference = "http://qiannao.com/ls/905300366/33834c0c/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3008-L3028" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3008-L3028" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4631ec57756466072d83d49fbc14105e230631a0" logic_hash = "aeecdbef3fe6d66a209df10b44046783e53ef12f67c6877309cb219db4354733" score = 70 @@ -312906,8 +313354,8 @@ rule SIGNATURE_BASE_CN_Toolset_Sig_1433_135_Sqlr date = "2015-03-30" modified = "2025-04-14" reference = "http://qiannao.com/ls/905300366/33834c0c/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3030-L3047" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3030-L3047" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8542c7fb8291b02db54d2dc58cd608e612bfdc57" logic_hash = "14c9d104cfb71a2d3545bfb6274e3a282d4597f38057187d76adaf26fe2718fa" score = 70 
@@ -312924,6 +313372,30 @@ rule SIGNATURE_BASE_CN_Toolset_Sig_1433_135_Sqlr condition: all of them } +rule SIGNATURE_BASE_Darkcomet_Keylogger_File : FILE +{ + meta: + description = "Looks like a keylogger file created by DarkComet Malware" + author = "Florian Roth (Nextron Systems)" + id = "65058450-3ae3-5b85-bcc5-8bc1fab14614" + date = "2014-07-25" + modified = "2025-04-14" + reference = "https://github.com/Neo23x0/signature-base" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3049-L3063" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" + logic_hash = "28f2eb8f5082559f9de4e72243f4bf8a0be21a9a4c5e16c443d036733584ea97" + score = 50 + quality = 35 + tags = "FILE" + license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" + + strings: + $entry = /\n:: [A-Z]/ + $timestamp = /\([0-9]?[0-9]:[0-9][0-9]:[0-9][0-9] [AP]M\)/ + + condition: + uint16( 0 ) == 0x3A3A and #entry > 10 and #timestamp > 10 +} rule SIGNATURE_BASE_Vssown_VBS { meta: @@ -312933,8 +313405,8 @@ rule SIGNATURE_BASE_Vssown_VBS date = "2015-10-01" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3065-L3082" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3065-L3082" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f49e9d7a07d591330e16fc539bd98d019b47dd8579d0f1ad92fa987790e64189" score = 75 quality = 85 
@@ -312961,8 +313433,8 @@ rule SIGNATURE_BASE_Netview_Hacktool : FILE date = "2016-03-07" modified = "2025-04-14" reference = "https://github.com/mubix/netview" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3084-L3107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3084-L3107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "52cec98839c3b7d9608c865cfebc904b4feae0bada058c2e8cdbd561cfa1420a" logic_hash = "dc27d2358937d736823891c9d5c3f41f83a6f4e72d35fae0983435effda2141a" score = 60 @@ -312994,8 +313466,8 @@ rule SIGNATURE_BASE_Netview_Hacktool_Output date = "2016-03-07" modified = "2025-04-14" reference = "https://github.com/mubix/netview" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3109-L3124" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3109-L3124" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "38a51e583b1485bdb29400cb9d0a73ec4d5387675779f949572d2b4d74da4230" score = 60 quality = 85 
@@ -313019,8 +313491,8 @@ rule SIGNATURE_BASE_Psattack_EXE : FILE date = "2016-03-09" modified = "2023-01-06" reference = "https://github.com/gdssecurity/PSAttack/releases/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3135-L3155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3135-L3155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ad05d75640c850ee7eeee26422ba4f157be10a4e2d6dc6eaa19497d64cf23715" logic_hash = "b73566eb6370fbe68f0477d1179e5d6c19fb9be2c29f63d560c42adcdf19fe58" score = 100 @@ -313047,8 +313519,8 @@ rule SIGNATURE_BASE_Powershell_Attack_Scripts date = "2016-03-09" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3157-L3172" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3157-L3172" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "42a52de089ee00e229499fea23b8acd0b7c881a9c578671aea180c0c018a54e0" score = 70 quality = 85 
@@ -313073,8 +313545,8 @@ rule SIGNATURE_BASE_Psattack_ZIP : FILE date = "2016-03-09" modified = "2025-04-14" reference = "https://github.com/gdssecurity/PSAttack/releases/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3174-L3188" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3174-L3188" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3864f0d44f90404be0c571ceb6f95bbea6c527bbfb2ec4a2b4f7d92e982e15a2" logic_hash = "4c869e8663b8c87780d4be622f86b3887511e1ac3cfc67767f1c986af7d43767" score = 100 @@ -313097,8 +313569,8 @@ rule SIGNATURE_BASE_Linux_Portscan_Shark_1 : FILE date = "2016-04-01" modified = "2025-04-14" reference = "Virustotal Research - see https://github.com/Neo23x0/Loki/issues/35" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3199-L3216" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3199-L3216" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e807ed6c83c8d908bfe29c65abd7b877b65655cc64cd1497fc124a2fd88cd1e9" score = 75 quality = 85 
@@ -313125,8 +313597,8 @@ rule SIGNATURE_BASE_Linux_Portscan_Shark_2 date = "2016-04-01" modified = "2025-04-14" reference = "Virustotal Research - see https://github.com/Neo23x0/Loki/issues/35" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3218-L3235" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3218-L3235" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "45efbbe01c45065efc07e9c75b6a7cdcae469861f84df4a1e1381fe864f7ddc0" score = 75 quality = 85 @@ -313153,8 +313625,8 @@ rule SIGNATURE_BASE_Dnscat2_Hacktool : FILE date = "2016-05-15" modified = "2025-04-14" reference = "https://downloads.skullsecurity.org/dnscat2/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3244-L3263" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3244-L3263" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c163a62b607323e08ca083a7091585550c830827728a8a60e25af8db6550ed1c" score = 75 quality = 85 
@@ -313183,8 +313655,8 @@ rule SIGNATURE_BASE_WCE_In_Memory date = "2016-08-28" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3265-L3279" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3265-L3279" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "74ab7772db5b1de8a4eae03370e2be3cd35004730f84d472677688109a1d6d88" score = 80 quality = 85 @@ -313207,8 +313679,8 @@ rule SIGNATURE_BASE_Pstgdump : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3281-L3299" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3281-L3299" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c4f8697b1b65007acc4fdabd1c6263a428448232f95dbb12d8f737297893157" score = 75 quality = 85 
@@ -313236,8 +313708,8 @@ rule SIGNATURE_BASE_Lsremora : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3301-L3323" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3301-L3323" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ac8f6b7284307456749b3386340a2b3deb0718bc68875bc90bccf74a96469a59" score = 75 quality = 85 @@ -313268,8 +313740,8 @@ rule SIGNATURE_BASE_Servpw : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3325-L3344" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3325-L3344" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "150466c23ea7aa20f6e60c592ab6bd2f42e3a48a65a6665b89a9f19fa61aae8f" score = 75 quality = 85 
@@ -313298,8 +313770,8 @@ rule SIGNATURE_BASE_Fgexec : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3346-L3362" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3346-L3362" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3672255d7829520aa8ca792519f645b86fe4244a16652a960375f23baa7d32b3" score = 75 quality = 85 @@ -313325,8 +313797,8 @@ rule SIGNATURE_BASE_Cachedump : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3364-L3384" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3364-L3384" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7e4d710ed9dab12114e87fa33abe6db6245c780b31bcd94fbd21e75aaa355ca8" score = 75 quality = 85 
@@ -313356,8 +313828,8 @@ rule SIGNATURE_BASE_Pwdump_B : FILE date = "2016-09-08" modified = "2025-04-14" reference = "http://goo.gl/igxLyF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3386-L3406" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3386-L3406" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d50ad359b9433439cddda9408d227f35ee8de3280ad24f42c5e6ef1e6a1526bd" score = 75 quality = 85 @@ -313386,8 +313858,8 @@ rule SIGNATURE_BASE_Msbuild_Mimikatz_Execution_Via_XML date = "2016-10-07" modified = "2025-04-14" reference = "https://gist.github.com/subTee/c98f7d005683e616560bda3286b6a0d8#file-katz-xml" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3417-L3436" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3417-L3436" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f926a2d5ab987b97c6ed2a89c69eac5549d8b7885bdbf75ce40e05e6ce6cfa7a" score = 75 quality = 85 
@@ -313415,8 +313887,8 @@ rule SIGNATURE_BASE_Fscan_Portscanner : FILE date = "2017-01-06" modified = "2025-04-14" reference = "https://twitter.com/JamesHabben/status/817112447970480128" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3447-L3461" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3447-L3461" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "35770f040da0b14fe4492a44383e332c9912bd89943838627491196ce8f0ec37" score = 75 quality = 85 @@ -313440,8 +313912,8 @@ rule SIGNATURE_BASE_WPR_Loader_EXE : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3473-L3493" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3473-L3493" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "26af6fe1b3dfe8e3a48c03a9f6f2033fbc909a677d35159e28b7e9b867ea5542" score = 75 quality = 85 
@@ -313471,8 +313943,8 @@ rule SIGNATURE_BASE_WPR_Loader_DLL : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3495-L3528" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3495-L3528" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "015334828007e954d1e910e6377b37bade99df2ce86152901ec4ded8c71975de" score = 75 quality = 85 @@ -313508,8 +313980,8 @@ rule SIGNATURE_BASE_WPR_Passscape_Loader : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3530-L3548" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3530-L3548" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "79b1a3ed1ea0d9a3ddee0b8557393318a8baf4812110a6ed03a7106b8096b31e" score = 75 quality = 85 
@@ -313537,8 +314009,8 @@ rule SIGNATURE_BASE_WPR_Asterisk_Hook_Library : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3550-L3572" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3550-L3572" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6bb75cb8c3ba18a34f4651532060154608c78e6f748148226da4416ad1171124" score = 75 quality = 85 @@ -313570,8 +314042,8 @@ rule SIGNATURE_BASE_WPR_Windowspasswordrecovery_EXE : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3574-L3603" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3574-L3603" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0f2995a8ba1644d384167221560aa0c3f074e8e2cf2b79bbb06537fcaed2df7f" score = 75 quality = 85 
@@ -313602,8 +314074,8 @@ rule SIGNATURE_BASE_WPR_Windowspasswordrecovery_EXE_64 : FILE date = "2017-03-15" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3605-L3622" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3605-L3622" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6cdd46609d401b7c12b936de7f64bab0bc45b9d2c6079fae45a96f5be6857b82" score = 75 quality = 85 @@ -313629,8 +314101,8 @@ rule SIGNATURE_BASE_Beyondexec_Remoteaccess_Tool : FILE date = "2017-03-17" modified = "2025-04-14" reference = "https://goo.gl/BvYurS" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3634-L3652" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3634-L3652" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6f21ddf04ab0d29549c3d07a45afb3e7648a15b0c81f88b8d7ccccc436ba4084" score = 75 quality = 85 
@@ -313657,8 +314129,8 @@ rule SIGNATURE_BASE_Mimikatz_Gen_Strings : FILE date = "2017-06-19" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3654-L3676" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3654-L3676" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "371e74538a63cfe355ebd31e1ac73cd25e92f3a7ce3f9299e0f3406f2bcb5b01" score = 75 quality = 85 @@ -313690,8 +314162,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Lpe : FILE date = "2017-07-07" modified = "2025-04-14" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3688-L3709" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3688-L3709" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "77d72792d7fcf2c54b36d124448e928f306981296715e583d346ccd101e22fc7" score = 75 quality = 85 
@@ -313722,8 +314194,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Exploit : FILE date = "2017-07-07" modified = "2025-04-14" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3711-L3725" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3711-L3725" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "12a7a04fdc621242f42107204996e44b1962b5ac5eef4f9b9cbbe0ad52b85676" score = 75 quality = 85 @@ -313747,8 +314219,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Injectdll : FILE date = "2017-07-07" modified = "2022-12-21" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3727-L3745" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3727-L3745" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b0a9bd4fa2d8a1192258b303cb757c8bbce7f6962a1d895f57add8a1c3887799" score = 75 quality = 85 
@@ -313775,8 +314247,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Payload_MSI : FILE date = "2017-07-07" modified = "2022-12-21" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3747-L3763" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3747-L3763" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7dfc8d2bd871ad6acb7d362a946d34ed1830f42ab625c3d3d9cb512f28ccdb57" score = 75 quality = 85 @@ -313801,8 +314273,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Injector : FILE date = "2017-07-07" modified = "2025-04-14" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3765-L3785" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3765-L3785" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "37ed19fe19d3645adcd5fa7d6f6b3572d2821fdb78a6d0c8afdba6ccecfc8528" score = 75 quality = 60 
@@ -313832,8 +314304,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Lpe_2 : FILE date = "2017-07-07" modified = "2025-04-14" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3787-L3802" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3787-L3802" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e9ca23e4375674ea189d5e9de015f6a1ae16c30d35378580bdc8f42007b716df" score = 75 quality = 85 @@ -313858,8 +314330,8 @@ rule SIGNATURE_BASE_Disclosed_0Day_Pocs_Shellcodegenerator : FILE date = "2017-07-07" modified = "2025-04-14" reference = "Disclosed 0day Repos" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3804-L3817" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3804-L3817" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b267a816871c30e9403805b942be25ed8e28ad2fd946f234f6877a65420754d8" score = 75 quality = 85 
@@ -313882,8 +314354,8 @@ rule SIGNATURE_BASE_Securityxploded_Producer_String : FILE date = "2017-07-13" modified = "2025-04-14" reference = "http://securityxploded.com/browser-password-dump.php" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3819-L3833" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3819-L3833" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "101e0b8b8aeb8ed4314bc07139dcc2b40600fde82ff786d15a15c10692f9aa4a" score = 60 quality = 85 @@ -313906,8 +314378,8 @@ rule SIGNATURE_BASE_Kekeo_Hacktool : FILE date = "2017-07-21" modified = "2025-04-14" reference = "https://github.com/gentilkiwi/kekeo/releases" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3845-L3860" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3845-L3860" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "14283064e7c8fcee9cde206d25b43b02876a7a4d5de9da6dab47d7f5ba54f019" score = 75 quality = 85 
@@ -313932,8 +314404,8 @@ rule SIGNATURE_BASE_Allthethings : FILE date = "2017-07-27" modified = "2022-12-21" reference = "https://github.com/subTee/AllTheThings" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3873-L3892" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3873-L3892" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0d6b961afb98cfaefe930a7bc246b3f087469b752a8d4abb62b2826418fdfd53" score = 75 quality = 85 @@ -313961,8 +314433,8 @@ rule SIGNATURE_BASE_Impacket_Keyword : FILE date = "2017-08-04" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3894-L3911" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3894-L3911" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "92a911dc36f8e74ad49ae09ef4dd997b968a2dde46a7500c98983fafb84a086e" score = 60 quality = 85 
@@ -313988,8 +314460,8 @@ rule SIGNATURE_BASE_Passwordspro : FILE date = "2017-08-27" modified = "2025-04-14" reference = "PasswordPro" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3924-L3942" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3924-L3942" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "24887c3a7e4997c9a4e5d3317a5684b0eca7ccc0ffb213660dd9b37bb220f514" score = 75 quality = 85 @@ -314015,8 +314487,8 @@ rule SIGNATURE_BASE_Passwordpro_NTLM_DLL : FILE date = "2017-08-27" modified = "2025-04-14" reference = "PasswordPro" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3944-L3962" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3944-L3962" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1021fe1a4c7a237d7a7cfcb1db8fa5e6fa640d3dd9f14ed37910a6b847717d36" score = 75 quality = 85 
@@ -314040,8 +314512,8 @@ rule SIGNATURE_BASE_Keethief_PS : FILE date = "2017-08-29" modified = "2025-04-14" reference = "https://github.com/HarmJ0y/KeeThief" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3974-L3991" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3974-L3991" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8d3d4ff3b854c5efad99e6f20121b16d5f2f0a31a4c8efd87a937f857923a5e1" score = 75 quality = 85 @@ -314065,8 +314537,8 @@ rule SIGNATURE_BASE_Keetheft_EXE : FILE date = "2017-08-29" modified = "2025-04-14" reference = "https://github.com/HarmJ0y/KeeThief" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L3993-L4012" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L3993-L4012" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a6019248ad9708b1508fdf77a2ecbe92a7e8aac916fbca88aec117abeb07b9a0" score = 75 quality = 85 
@@ -314095,8 +314567,8 @@ rule SIGNATURE_BASE_Keetheft_Out_Shellcode : FILE date = "2017-08-29" modified = "2025-04-14" reference = "https://github.com/HarmJ0y/KeeThief" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4014-L4028" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4014-L4028" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2d536edf1a40defc3b3aa7ce8e595c53e7dd3b7f1daea772c13319ee5bf7675e" score = 75 quality = 85 @@ -314120,8 +314592,8 @@ rule SIGNATURE_BASE_Sharpire : FILE date = "2017-09-23" modified = "2022-12-21" reference = "https://github.com/0xbadjuju/Sharpire" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4038-L4061" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4038-L4061" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1437b4c5229761bcc18d97ea6328866f4b9c763461fa6ecb5c18e6f3961c3114" score = 75 quality = 83 
@@ -314152,8 +314624,8 @@ rule SIGNATURE_BASE_Invoke_Metasploit : FILE date = "2017-09-23" modified = "2025-04-14" reference = "https://github.com/jaredhaight/Invoke-MetasploitPayload/blob/master/Invoke-MetasploitPayload.ps1" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4071-L4086" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4071-L4086" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7ef174008517b101be844e30890626378f49a275bad3f08ce25fb8d6118c77c3" score = 75 quality = 85 @@ -314178,8 +314650,8 @@ rule SIGNATURE_BASE_Powershell_Mal_Hacktool_Gen : FILE date = "2017-11-02" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4088-L4104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4088-L4104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "273222cde3ff155cef09c25192dcb4865179e8172e625fe8f43b21a13fe1a170" score = 75 quality = 85 
@@ -314205,8 +314677,8 @@ rule SIGNATURE_BASE_Sig_Remoteadmin_1 : FILE date = "2017-12-03" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4106-L4120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4106-L4120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "81912bbfc1f6ac3ec7c54fc935b9ed531c97ad509cf2c096a19e638836cd0baf" score = 45 quality = 85 @@ -314229,8 +314701,8 @@ rule SIGNATURE_BASE_Remcom_Remotecommandexecution date = "2017-12-28" modified = "2025-04-14" reference = "https://goo.gl/tezXZt" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4122-L4137" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4122-L4137" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c39a09c8d0c1799febcb4d9eafece43f8b21e7ffc277fdfad6c235eb1a201697" score = 50 quality = 85 
@@ -314254,8 +314726,8 @@ rule SIGNATURE_BASE_Crackmapexec_EXE : FILE date = "2018-04-06" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4139-L4155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4139-L4155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa05fa41d6aaed45a9b44806a310fdb584874f7eb382e576b36e6d1db87cef88" score = 85 quality = 85 @@ -314281,8 +314753,8 @@ rule SIGNATURE_BASE_SUSP_Imphash_Passrevealer_PY_EXE : FILE date = "2018-04-06" modified = "2021-11-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4157-L4175" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4157-L4175" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "684e901eebf47e2bd8b25fd302963c2761376ce4754d74f9e6f1eb3024c89144" score = 40 quality = 85 
@@ -314306,8 +314778,8 @@ rule SIGNATURE_BASE_MAL_Unknown_Pwdumper_Apr18_3 : FILE date = "2018-04-06" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4177-L4196" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4177-L4196" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bf0dff02bdfa239336b2bc865f2a9aed6d20cafb059caa87a60aa30269dd94b5" score = 75 quality = 85 @@ -314337,8 +314809,8 @@ rule SIGNATURE_BASE_Processinjector_Gen : HIGHVOL FILE date = "2018-04-23" modified = "2025-04-14" reference = "https://github.com/cuckoosandbox/monitor/blob/master/bin/inject.c" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4198-L4219" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4198-L4219" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "90d200e79c97911b105e592549bc2c04fb09ce841413c30117d421b45bb9988c" score = 60 quality = 85 
@@ -314365,8 +314837,8 @@ rule SIGNATURE_BASE_Lazagne_PW_Dumper date = "2018-03-22" modified = "2025-04-14" reference = "https://github.com/AlessandroZ/LaZagne/releases/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4221-L4235" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4221-L4235" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2eac81d5cecdaca7eeaa83be70a688a595f8bbf54679ee565ba325b9e384552b" score = 70 quality = 85 @@ -314389,8 +314861,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Tclsh : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4237-L4249" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4237-L4249" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "622805e8067f5158d82783971dcf31e8db05f1d52a38bd1ec3e76ddbbd78032b" score = 65 quality = 85 
@@ -314412,8 +314884,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Ruby : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4251-L4263" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4251-L4263" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aa076540ef01d04117d3340f4d84c21f79acfc558ed4aa585d801b6a6bc797a2" score = 65 quality = 85 @@ -314435,8 +314907,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Awk : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4265-L4278" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4265-L4278" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7d676ffbd1ce083a1b8e34576125fb0805caef4423089cd72a92483467669b78" score = 65 quality = 85 
@@ -314459,8 +314931,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Netcat_UDP : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4280-L4293" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4280-L4293" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c85b1275ccf5bbc7f6e0ab0f1fa9d1bce7d56912411f84f9946163191c79576" score = 65 quality = 85 @@ -314483,8 +314955,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Socat : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4295-L4308" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4295-L4308" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "48c06096b27be11ae12cc38294acb495b739101cabc04e89eb76e93fb42c52df" score = 65 quality = 85 
@@ -314507,8 +314979,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Perl : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4310-L4323" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4310-L4323" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8f3c5920acdc080b437c15b93e192a00a5037be0323cc04473e238033b7d53ec" score = 75 quality = 85 @@ -314531,8 +315003,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Python : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4325-L4337" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4325-L4337" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e4c35bb739eeabf0de558ee1b97225ed4eb3198e7e6db1817348115b848146c7" score = 75 quality = 85 
@@ -314554,8 +315026,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_PHP_TCP : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4339-L4352" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4339-L4352" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8ffab71130b4fa6efbe9864f97c33fed9359f79d51b84e8f952c911f24d1496c" score = 75 quality = 85 @@ -314578,8 +315050,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Powershell_TCP : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4354-L4367" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4354-L4367" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8eb484ba87fa2e10af3c59445ccb4be73db2f5ae67c59118a2e188ba02fdc957" score = 75 quality = 85 
@@ -314602,8 +315074,8 @@ rule SIGNATURE_BASE_SUSP_Powershell_Shellcommand_May18_1 : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4369-L4382" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4369-L4382" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bc858d74b8aad09ff539489e961e1a51ba5fe17d3424615ffe5029587ddb9478" score = 65 quality = 85 @@ -314625,8 +315097,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Telnet_TCP : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4384-L4397" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4384-L4397" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e900fb8c0f1fa61f242b97ac542cb1bfd691dd50523e0023e97e3b21617053d7" score = 75 quality = 85 
@@ -314649,8 +315121,8 @@ rule SIGNATURE_BASE_SUSP_Shellpop_Bash date = "2018-05-18" modified = "2025-04-11" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4399-L4416" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4399-L4416" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a557822eaaad84897acc32935f7545deb17ea3b8c6e34acd0ac5ef9fad08cb1e" score = 70 quality = 85 @@ -314674,8 +315146,8 @@ rule SIGNATURE_BASE_HKTL_Shellpop_Netcat : FILE date = "2018-05-18" modified = "2025-04-14" reference = "https://github.com/0x00-0x00/ShellPop" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4418-L4433" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4418-L4433" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2c61da27d4bc455a9f2555fcc1c5cce7cead226a5900eeed1aaf622616051b79" score = 75 quality = 85 
@@ -314700,8 +315172,8 @@ rule SIGNATURE_BASE_HKTL_Berootexe : FILE date = "2018-07-25" modified = "2025-04-14" reference = "https://github.com/AlessandroZ/BeRoot/tree/master/Windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4436-L4452" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4436-L4452" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8e10fddd3b3eb5e5200d9ed0bcb23961d196d9e1de03ebf03a96374ee02a9097" score = 75 quality = 85 @@ -314725,8 +315197,8 @@ rule SIGNATURE_BASE_HKTL_Berootexe_Output : FILE date = "2018-07-25" modified = "2025-04-14" reference = "https://github.com/AlessandroZ/BeRoot/tree/master/Windows" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4454-L4468" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4454-L4468" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7886535d071092df76507f0dd431409e85c368d404f49e7f118278f6565618e6" score = 75 quality = 85 
@@ -314750,8 +315222,8 @@ rule SIGNATURE_BASE_HKTL_Embeddedpdf : FILE date = "2018-07-25" modified = "2025-04-14" reference = "https://twitter.com/infosecn1nja/status/1021399595899731968?s=12" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4470-L4487" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4470-L4487" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "041580406e2a7c644d713d8fbf7fccb81664ff536e62df26b3c0f331409fb993" score = 75 quality = 85 @@ -314775,8 +315247,8 @@ rule SIGNATURE_BASE_HTKL_Blackbone_Driverinjector : FILE date = "2018-09-11" modified = "2025-04-14" reference = "https://github.com/DarthTon/Blackbone" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4489-L4515" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4489-L4515" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d6a5f02a465ea46892e1de54a3482aace387ab0d2cdb949e263ce63f4f9edbb7" score = 60 quality = 85 
@@ -314810,8 +315282,8 @@ rule SIGNATURE_BASE_HKTL_Sqlmap : FILE date = "2018-10-09" modified = "2025-04-14" reference = "https://github.com/sqlmapproject/sqlmap" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4517-L4530" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4517-L4530" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9aa13bc2db40f5ab3debd617c84b1e11805d137bc55e9088bc9a0c23e185dfce" score = 75 quality = 85 @@ -314834,8 +315306,8 @@ rule SIGNATURE_BASE_HKTL_Sqlmap_Backdoor : FILE date = "2018-10-09" modified = "2025-04-14" reference = "https://github.com/sqlmapproject/sqlmap" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4532-L4548" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4532-L4548" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5e09135e3908442d873511b7b75c8475b2345a28f3bad41a242d6fc5a3b7c002" score = 75 quality = 85 
@@ -314853,8 +315325,8 @@ rule SIGNATURE_BASE_HKTL_Lazagne_Passworddumper_Dec18_1 : FILE date = "2018-12-11" modified = "2025-04-14" reference = "https://www.symantec.com/blogs/threat-intelligence/seedworm-espionage-group" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4550-L4570" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4550-L4570" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "887c8e91942076395dc7575d5cbd926e7e0971a759daf719983dd918d9babad3" score = 85 quality = 85 @@ -314883,8 +315355,8 @@ rule SIGNATURE_BASE_HKTL_Lazagne_Gen_18 date = "2018-12-11" modified = "2025-04-14" reference = "https://creativecommons.org/licenses/by-nc/4.0/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4572-L4589" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4572-L4589" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6f3e895080267a551a3b7a0ba2d4207b31befacbd35d1e6941e1b69d7e2689ce" score = 80 quality = 85 
@@ -314909,8 +315381,8 @@ rule SIGNATURE_BASE_HKTL_Nopowershell date = "2018-12-28" modified = "2022-12-21" reference = "https://github.com/bitsadmin/nopowershell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4591-L4608" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4591-L4608" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2207af9fcc61d547dfeff347a1eae2c59024a7270d1b8cbb7abef56d80864728" score = 75 quality = 85 @@ -314936,8 +315408,8 @@ rule SIGNATURE_BASE_HKTL_Htran_Go : FILE date = "2019-01-09" modified = "2025-04-14" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4609-L4622" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4609-L4622" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "444fe8ce2fdb67c982de26a10882d2cfebc4d2de6c4b4ba6ee10cf39130f1cc5" score = 75 quality = 85 
@@ -314961,11 +315433,11 @@ rule SIGNATURE_BASE_SUSP_Katz_PDB : FILE date = "2019-02-04" modified = "2025-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4624-L4637" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4624-L4637" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1a38f63d8e8baa9bc8f34c1886fc2aaea7f61d5e09792ba9cde4cf6ed8441fab" score = 65 - quality = 60 + quality = 85 tags = "FILE" hash1 = "6888ce8116c721e7b2fc3d7d594666784cf38a942808f35e309a48e536d8e305" @@ -314985,8 +315457,8 @@ rule SIGNATURE_BASE_HKTL_LNX_Pnscan : FILE date = "2019-05-27" modified = "2025-04-14" reference = "https://github.com/ptrrkssn/pnscan" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4639-L4652" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4639-L4652" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "46a064f9df9d0a0f3fad4ec7be70b1e42074e5e117f7403d8239bc725590f268" score = 55 quality = 85 
@@ -315008,8 +315480,8 @@ rule SIGNATURE_BASE_Paexec : FILE date = "2017-03-27" modified = "2025-04-14" reference = "http://researchcenter.paloaltonetworks.com/2017/03/unit42-shamoon-2-delivering-disttrack/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4654-L4674" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4654-L4674" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "30478d90756a9ea362c40236518fe9013e5e5683641b7e7e1ad33aa3b5587e04" score = 40 quality = 85 @@ -315038,8 +315510,8 @@ rule SIGNATURE_BASE_HKTL_Domainpasswordspray : FILE date = "2023-01-13" modified = "2025-04-14" reference = "https://github.com/dafthack/DomainPasswordSpray" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4676-L4691" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4676-L4691" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aa20bf139eff36100624771fe7617c214337ae5ab2e2746143bd8e6cc1b05b4e" score = 60 quality = 85 
@@ -315062,8 +315534,8 @@ rule SIGNATURE_BASE_HKTL_Rusthound : FILE date = "2023-03-30" modified = "2025-04-14" reference = "https://github.com/OPENCYBER-FR/RustHound" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/thor-hacktools.yar#L4693-L4720" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/thor-hacktools.yar#L4693-L4720" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "409f61a34d9771643246f401a9670f6f7dcced9df50cbd89a2e1a5c9ba8d03ab" hash = "b1a58a9c94b1df97a243e6c3fc2d04ffd92bc802edc7d8e738573b394be331a9" hash = "170f4a48911f3ebef674aade05184ea0a6b1f6b089bcffd658e95b9905423365" @@ -315095,8 +315567,8 @@ rule SIGNATURE_BASE_Mswin_Check_Lm_Group : FILE date = "2015-06-13" modified = "2021-03-15" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L9-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L9-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "115d87d7e7a3d08802a9e5fd6cd08e2ec633c367" logic_hash = "74be6bd9c6e01cc4ec7785b6950c8cf6acf549c06990a9d1734f4a3487a04ba7" score = 70 
@@ -315121,8 +315593,8 @@ rule SIGNATURE_BASE_WAF_Bypass : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L30-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L30-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "860a9d7aac2ce3a40ac54a4a0bd442c6b945fa4e" logic_hash = "e66d51b465e5d919555084d299a22f07a949a0a9adf4a3f246f6b5222d39b91a" score = 75 @@ -315150,8 +315622,8 @@ rule SIGNATURE_BASE_Guilin_Veterans_Cookie_Spoofing_Tool : FILE date = "2015-06-13" modified = "2023-01-27" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L50-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L50-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "06b1969bc35b2ee8d66f7ce8a2120d3016a00bb1" logic_hash = "5fd136f44ebce28db4f77f2f8730eb67fc4c2d58921b73378b8d87e1444a4b67" score = 75 
@@ -315177,8 +315649,8 @@ rule SIGNATURE_BASE_Marathontool : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L69-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L69-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "084a27cd3404554cc799d0e689f65880e10b59e3" logic_hash = "2d52d640ef44d933791d1da0d1263dba15702180c730500e04d364dd6b4d6081" score = 75 @@ -315203,8 +315675,8 @@ rule SIGNATURE_BASE_PLUGIN_Trackid : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L86-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L86-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a114181b334e850d4b33e9be2794f5bb0eb59a09" logic_hash = "a62112dbf2ef696e4eb7f6787a0e0930c29d9834f46c87493954498fa4b375f6" score = 75 
@@ -315232,8 +315704,8 @@ rule SIGNATURE_BASE_Pc_Pc2015 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L106-L121" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L106-L121" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "de4f098611ac9eece91b079050b2d0b23afe0bcb" logic_hash = "34d66d8b9e637c067ec2d9387b7b57458312d75892e33b95eb1095200799cf3b" score = 75 @@ -315258,8 +315730,8 @@ rule SIGNATURE_BASE_Sekurlsa : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L123-L139" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L123-L139" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6acecd18fc7da1c5eb0d04e848aae9ce59d2b1b5" logic_hash = "dea05c7f19a834cc936c452ca2f6f4286e6c3dae002747c27913960199451c3f" score = 75 
@@ -315285,8 +315757,8 @@ rule SIGNATURE_BASE_Mysqlfast : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L141-L159" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L141-L159" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "32b60350390fe7024af7b4b8fbf50f13306c546f" logic_hash = "3ea75954831e705d0d25efa115288e66868d9b814f0990fd048bbe1209a8d933" score = 75 @@ -315314,8 +315786,8 @@ rule SIGNATURE_BASE_Dtools2_02_Dtools : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L161-L179" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L161-L179" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9f99771427120d09ec7afa3b21a1cb9ed720af12" logic_hash = "51e30d39f388546ac233b4b97a38f225c90d2f006bc509dd7eecfb408aef9be5" score = 75 
@@ -315343,8 +315815,8 @@ rule SIGNATURE_BASE_Dll_Packetx : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L181-L196" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L181-L196" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3f0908e0a38512d2a4fb05a824aa0f6cf3ba3b71" logic_hash = "161d174376c599b1b794fa1174349ae12b198842d89769baec4b9664729a3983" score = 50 @@ -315368,8 +315840,8 @@ rule SIGNATURE_BASE_Sqldbx_Zhs : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L198-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L198-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e34228345498a48d7f529dbdffcd919da2dea414" logic_hash = "b0215d29c58c252c1717f08135eab65794a99ed669c2225bcba690ae7d7a034c" score = 75 
@@ -315398,8 +315870,8 @@ rule SIGNATURE_BASE_Ms10048_X86 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L219-L237" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L219-L237" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e57b453966e4827e2effa4e153f2923e7d058702" logic_hash = "50e45cae87f5d1cc4903a16f9283dd751d90cde0c71f3124467b4ff15bd34f1b" score = 75 @@ -315427,8 +315899,8 @@ rule SIGNATURE_BASE_Dos_Ch : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L239-L257" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L239-L257" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "60bbb87b08af840f21536b313a76646e7c1f0ea7" logic_hash = "49ab2c75267c2ed5c15c8fbdc6fa0f8826f6e7a45a2861d6ba4b293ffca6bcd6" score = 75 
@@ -315456,8 +315928,8 @@ rule SIGNATURE_BASE_Dubrute_Dubrute : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L259-L275" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L259-L275" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8aaae91791bf782c92b97c6e1b0f78fb2a9f3e65" logic_hash = "1e6d8bd24a37e3f4b7de88989251ae904128ff1bf766d4a4408ff8990c6dfd2f" score = 75 @@ -315483,8 +315955,8 @@ rule SIGNATURE_BASE_Cookietools : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L277-L294" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L277-L294" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b6a3727fe3d214f4fb03aa43fb2bc6fadc42c8be" logic_hash = "7f8c59ef58a92db15d8965e54ed6e26834e268581581af2a0ff98a6f46564e7e" score = 75 
@@ -315511,8 +315983,8 @@ rule SIGNATURE_BASE_Update_Pcinit : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L296-L314" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L296-L314" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a6facc4453f8cd81b8c18b3b3004fa4d8e2f5344" logic_hash = "ee4b17dfb0d70464669edab1b7610efa607adb2918306ae6c50130024008a169" score = 75 @@ -315540,8 +316012,8 @@ rule SIGNATURE_BASE_Dat_Nasllib : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L316-L331" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L316-L331" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fb0d4263118faaeed2d68e12fab24c59953e862d" logic_hash = "7d2f3c67fe78028a51ba01c88d7eb62c38fe3c918bb03eee41b6583bc464ad78" score = 75 
@@ -315566,8 +316038,8 @@ rule SIGNATURE_BASE_Dos_1 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L333-L347" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L333-L347" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b554f0687a12ec3a137f321cc15e052ff219f28c" logic_hash = "d4cf3e738743e5402602e045cf590b969dca2d6f7f1bdd57cc398df3392560d9" score = 75 @@ -315591,8 +316063,8 @@ rule SIGNATURE_BASE_Othertools_Servu : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L349-L365" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L349-L365" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5c64e6879a9746a0d65226706e0edc7a" logic_hash = "fda476bdcc0bb496331ca9f506a1221d401d8671d23f61f1b88219c688163169" score = 75 
@@ -315618,8 +316090,8 @@ rule SIGNATURE_BASE_Ustrrefadd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L367-L384" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L367-L384" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b371b122460951e74094f3db3016264c9c8a0cfa" logic_hash = "e44f180e081494e28b35b4129eb2c1817ed3e83f23d86f0d3dd4dcf27941cdf1" score = 75 @@ -315646,8 +316118,8 @@ rule SIGNATURE_BASE_Xscanlib : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L386-L402" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L386-L402" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c5cb4f75cf241f5a9aea324783193433a42a13b0" logic_hash = "ff18c527df9ff2a4d72bcc5e4905d6f42877d42536edcb13608c6e0e6773aa63" score = 75 
@@ -315673,8 +316145,8 @@ rule SIGNATURE_BASE_Idtools_For_Winxp_Idttool : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L404-L419" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L404-L419" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ebab6e4cb7ea82c8dc1fe4154e040e241f4672c6" logic_hash = "9e14db3721afaba3ea5e9767afff593bf2b137306fe673acd7926bf6efc78391" score = 75 @@ -315699,8 +316171,8 @@ rule SIGNATURE_BASE_Goodtoolset_Ms11046 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L421-L438" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L421-L438" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f8414a374011fd239a6c6d9c6ca5851cd8936409" logic_hash = "2fb36a589613f97d0c3a4da58c65352689062a8ba6d432b5f3cf3b51a7e77f8c" score = 75 
@@ -315727,8 +316199,8 @@ rule SIGNATURE_BASE_Cmdshell32 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L440-L455" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L440-L455" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3c41116d20e06dcb179e7346901c1c11cd81c596" logic_hash = "cfe3d72d33d7a3c2b70d4fa0767a921c1cfcd360b2094af40b067789cace95af" score = 75 @@ -315753,8 +316225,8 @@ rule SIGNATURE_BASE_Sniffer_Analyzer_Ssclone_1210_Full_Version : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L457-L473" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L457-L473" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6882125babb60bd0a7b2f1943a40b965b7a03d4e" logic_hash = "982a213a106794e2cddb6148b3d3a119ae17fc318ad03237da1018e1859523d7" score = 75 
@@ -315780,8 +316252,8 @@ rule SIGNATURE_BASE_X64_Klock : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L475-L491" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L475-L491" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "44825e848bc3abdb6f31d0a49725bb6f498e9ccc" logic_hash = "3fe00c08607d20daa055db2f551009ff1c447f1a651d4a78aba91621d53424f5" score = 75 @@ -315807,8 +316279,8 @@ rule SIGNATURE_BASE_Dos_Down32 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L493-L508" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L493-L508" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0365738acd728021b0ea2967c867f1014fd7dd75" logic_hash = "c1aaaaaaae2ea720d3fc1516d88d678895bcda81344e8c1f4f57e5a20e770123" score = 75 
@@ -315833,8 +316305,8 @@ rule SIGNATURE_BASE_Marathontool_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L510-L525" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L510-L525" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "75b5d25cdaa6a035981e5a33198fef0117c27c9c" logic_hash = "7581b63a7bddeac93c65b2943b9f5f568464d8f300bc7385ca73880996bd390b" score = 75 @@ -315859,8 +316331,8 @@ rule SIGNATURE_BASE_Scanms_Scanms : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L527-L544" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L527-L544" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "47787dee6ddea2cb44ff27b6a5fd729273cea51a" logic_hash = "d6b33e603953194dab67104cbb9649710515050cf73afb18b2c9083a9e228e6d" score = 75 
@@ -315887,8 +316359,8 @@ rule SIGNATURE_BASE_CN_Tools_Pcshare : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L546-L565" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L546-L565" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ee7ba9784fae413d644cdf5a093bd93b73537652" logic_hash = "57bd1629abe0af1345f505514b99deb4e63ebce7363f3b0abcb76e7201d9b7b7" score = 75 @@ -315917,8 +316389,8 @@ rule SIGNATURE_BASE_Pw_Inspector : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L567-L582" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L567-L582" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4f8e3e101098fc3da65ed06117b3cb73c0a66215" logic_hash = "3b54466d80692923b93689a9e43e30dfbc63e5982cb633120795817098d68e05" score = 75 
@@ -315943,8 +316415,8 @@ rule SIGNATURE_BASE_Dll_Loadex : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L584-L603" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L584-L603" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "213d9d0afb22fe723ff570cf69ff8cdb33ada150" logic_hash = "588f4f4d0a2f8f8e76de0a5b1217191c1cace69f934582d4fc3c974fb94b8c3e" score = 75 @@ -315973,8 +316445,8 @@ rule SIGNATURE_BASE_Dat_Report : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L605-L619" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L605-L619" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4582a7c1d499bb96dad8e9b227e9d5de9becdfc2" logic_hash = "e3b21f37fae388958758af535727844d6e9696862fd9968340e1a619592c53b6" score = 75 
@@ -315998,8 +316470,8 @@ rule SIGNATURE_BASE_Dos_Iis7 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L621-L638" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L621-L638" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0a173c5ece2fd4ac8ecf9510e48e95f43ab68978" logic_hash = "e0cbcb63cd2a542e6394792070392d393b2a3485f5a5ef3c6ba0f113ae9270ec" score = 75 @@ -316026,8 +316498,8 @@ rule SIGNATURE_BASE_Switchsniffer : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L640-L654" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L640-L654" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1e7507162154f67dff4417f1f5d18b4ade5cf0cd" logic_hash = "4c75473399a7d47b63c6247248fd2792c675740ac671028b1c0a8ba1a02f35aa" score = 75 
@@ -316051,8 +316523,8 @@ rule SIGNATURE_BASE_Dbexpora : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L656-L671" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L656-L671" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b55b007ef091b2f33f7042814614564625a8c79f" logic_hash = "2dad6cedae6a3a446c2c4829516bffa5608ea4d1c13c907796cf4d13ec37965e" score = 75 @@ -316077,8 +316549,8 @@ rule SIGNATURE_BASE_Sqlcracker : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L673-L690" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L673-L690" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1aa5755da1a9b050c4c49fc5c58fa133b8380410" logic_hash = "3724f4b746da413f99880564ae72bc0de867120f1f7eacaf856d42492ebe359e" score = 75 
@@ -316105,8 +316577,8 @@ rule SIGNATURE_BASE_Freeversion_Debug : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L692-L711" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L692-L711" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d11e6c6f675b3be86e37e50184dadf0081506a89" logic_hash = "f7f8302c70c5aed1885724a1bca4efdf0547cc5be62e7dd6bcd8cc2079f71f96" score = 75 @@ -316135,8 +316607,8 @@ rule SIGNATURE_BASE_Dos_Look : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L713-L728" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L713-L728" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e1a37f31170e812185cf00a838835ee59b8f64ba" logic_hash = "341c72eaa5db1953e008423374c3f322de0f8dc33fd8181362172982b52e2b8a" score = 75 
@@ -316161,8 +316633,8 @@ rule SIGNATURE_BASE_Ntgodmode : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L730-L747" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L730-L747" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8baac735e37523d28fdb6e736d03c67274f7db77" logic_hash = "55efa908ebfcede207d3fe0b1072cce262af0e627e91ba8746e7a8924b8e75bd" score = 75 @@ -316189,8 +316661,8 @@ rule SIGNATURE_BASE_Webcrack4_Routerpasswordcracking : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L749-L766" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L749-L766" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "00c68d1b1aa655dfd5bb693c13cdda9dbd34c638" logic_hash = "48456f82163806852ecef3d71c2c8247f6c74c31ce28472c80a914a98247bdb3" score = 75 
@@ -316217,8 +316689,8 @@ rule SIGNATURE_BASE_Hscan_Gui : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L768-L783" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L768-L783" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1885f0b7be87f51c304b39bc04b9423539825c69" logic_hash = "c87cfe78324638ac9d35c7fd1e47f24014c470b0892ceceaf394278d9706157b" score = 75 @@ -316243,8 +316715,8 @@ rule SIGNATURE_BASE_S_Multifunction_Scanners_S : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L785-L809" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L785-L809" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "79b60ffa1c0f73b3c47e72118e0f600fcd86b355" logic_hash = "96f0692c54d74388f8602a03475d95a2fcd89692dd189f9363592745a70c234b" score = 75 
@@ -316279,8 +316751,8 @@ rule SIGNATURE_BASE_HKTL_CN_Dos_Getpass : FILE modified = "2023-01-06" old_rule_name = "Dos_GetPass" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L811-L830" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L811-L830" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d18d952b24110b83abd17e042f9deee679de6a1a" logic_hash = "ea1410984fb1f66422faa943f1f16873f4e0d5ff1afa68c2d28f36889e214a52" score = 75 @@ -316308,8 +316780,8 @@ rule SIGNATURE_BASE_HKTL_CN_Update_Pcmain : FILE modified = "2023-01-06" old_rule_name = "update_PcMain" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L832-L858" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L832-L858" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "aa68323aaec0269b0f7e697e69cce4d00a949caa" logic_hash = "aa905379f65a8d964b921f2b74b61d94f97536466a7fc48f05c437d617cf35f6" score = 90 
@@ -316343,8 +316815,8 @@ rule SIGNATURE_BASE_HKTL_CN_Dos_Sys : FILE modified = "2023-01-06" old_rule_name = "Dos_sys" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L860-L878" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L860-L878" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b5837047443f8bc62284a0045982aaae8bab6f18" logic_hash = "3b3f55c45ebfe4ab6d8e6b06a3c452c84d4f755f984d913c683a49a8fd570d9d" score = 75 @@ -316371,8 +316843,8 @@ rule SIGNATURE_BASE_HKTL_CN_Dat_Xpf : FILE modified = "2023-01-06" old_rule_name = "dat_xpf" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L880-L897" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L880-L897" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "761125ab594f8dc996da4ce8ce50deba49c81846" logic_hash = "c46b10ef17a9fee2be15fc9cc8b8aeec94d656b86e7208e1ad1f5efcd95fddf5" score = 75 
@@ -316398,8 +316870,8 @@ rule SIGNATURE_BASE_HKTL_CN_Project1 : FILE modified = "2023-01-06" old_rule_name = "Project1" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L899-L916" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L899-L916" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d1a5e3b646a16a7fcccf03759bd0f96480111c96" logic_hash = "c26590f13a185eb42a27d27e6b5996f7fdf4d5c146fb74062686f356ec4db47d" score = 75 @@ -316424,8 +316896,8 @@ rule SIGNATURE_BASE_Arp_EMP_V1_0 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L918-L931" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L918-L931" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ae4954c142ad1552a2abaef5636c7ef68fdd99ee" logic_hash = "e46b0f730945dad3c75b6865f30005f4d5fa09c53e3a27c275ca22da9cc89e8d" score = 75 
@@ -316448,8 +316920,8 @@ rule SIGNATURE_BASE_CN_Tools_Myupnp : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L933-L948" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L933-L948" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "15b6fca7e42cd2800ba82c739552e7ffee967000" logic_hash = "0bdd0d98dc5218bbe799e5e510c5f27d74a1ef398b09962f4267f846088f726e" score = 75 @@ -316474,8 +316946,8 @@ rule SIGNATURE_BASE_CN_Tools_Shiell : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L950-L966" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L950-L966" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b432d80c37abe354d344b949c8730929d8f9817a" logic_hash = "44c494c24c090b21c3c201d57f910e8f4d5132a863715a090fa1e18c9d349d48" score = 75 
@@ -316501,8 +316973,8 @@ rule SIGNATURE_BASE_Cndcom_Cndcom : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L968-L988" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L968-L988" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "08bbe6312342b28b43201125bd8c518531de8082" logic_hash = "226be7ea7b09b2b87eeec006c8054b9fb59eb8324def14a4a0db97f94fb39d62" score = 75 @@ -316532,8 +317004,8 @@ rule SIGNATURE_BASE_Isdebug_V1_4 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L990-L1010" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L990-L1010" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ca32474c358b4402421ece1cb31714fbb088b69a" logic_hash = "d656327c33533b5ef7dc70ec00250ee35d878794fae189829a0ecad958f96616" score = 75 
@@ -316563,8 +317035,8 @@ rule SIGNATURE_BASE_HTTPSCANNER : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1012-L1026" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1012-L1026" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ae2929346944c1ea3411a4562e9d5e2f765d088a" logic_hash = "0f1460101198d8b139b7cc0674bef2fc7b3d2a24249f521396b7bbe4318a83d5" score = 75 @@ -316588,8 +317060,8 @@ rule SIGNATURE_BASE_Hscan_V1_20_Pipecmd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1028-L1049" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1028-L1049" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "64403ce63b28b544646a30da3be2f395788542d6" logic_hash = "91ed275896c2520893ba1af26b2563c0bd3564a9c5f9d812f35464469e27307b" score = 75 
@@ -316620,8 +317092,8 @@ rule SIGNATURE_BASE_Dos_Fp : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1051-L1067" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1051-L1067" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "41d57d356098ff55fe0e1f0bcaa9317df5a2a45c" logic_hash = "cc09743269ee36862c95c9323ad271ca9b6c350cf25163d126fef0f86bc6f671" score = 75 @@ -316647,8 +317119,8 @@ rule SIGNATURE_BASE_Dos_Netstat : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1069-L1085" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1069-L1085" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d0444b7bd936b5fc490b865a604e97c22d97e598" logic_hash = "e2b908308616c3f2c94849b4f22f0e9bb130b5759d89161604505ff25681be55" score = 75 
@@ -316674,8 +317146,8 @@ rule SIGNATURE_BASE_CN_Tools_Xsniff : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1087-L1104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1087-L1104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d61d7329ac74f66245a92c4505a327c85875c577" logic_hash = "a32d07ecd635ad71edaa37d9b1e5f66d8ce5a7f84f1bba6eb06deb1f49a879c8" score = 75 @@ -316702,8 +317174,8 @@ rule SIGNATURE_BASE_Mssqlpass : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1106-L1121" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1106-L1121" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "172b4e31ed15d1275ac07f3acbf499daf9a055d7" logic_hash = "8037316eb157f8693bd342911af5fe5292f3ef8a3c169c80bc70edbabd7a92e6" score = 75 
@@ -316728,8 +317200,8 @@ rule SIGNATURE_BASE_Wsockexpert : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1123-L1141" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1123-L1141" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2962bf7b0883ceda5e14b8dad86742f95b50f7bf" logic_hash = "34ac3c5f0651ccab851d67da8863e0e305f981cf53a06d46c23f19736cc1c400" score = 75 @@ -316757,8 +317229,8 @@ rule SIGNATURE_BASE_Ms_Viru_Racle : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1143-L1159" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1143-L1159" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "13116078fff5c87b56179c5438f008caf6c98ecb" logic_hash = "d36db04c6a62a72e9f3079d09aedc9056c0a5032b4594af4d02ba55373f8b6a4" score = 75 
@@ -316784,8 +317256,8 @@ rule SIGNATURE_BASE_Lamescan3 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1161-L1177" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1161-L1177" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3130eefb79650dab2e323328b905e4d5d3a1d2f0" logic_hash = "8246128fa4378b0479a0c051965188c7c3fa0f52c8acc8934ef8af3155a85590" score = 75 @@ -316811,8 +317283,8 @@ rule SIGNATURE_BASE_CN_Tools_Pc : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1179-L1195" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1179-L1195" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5cf8caba170ec461c44394f4058669d225a94285" logic_hash = "1da263362e4c2ec8194bb80bfc3f25ff8c4b708919ba02ea02687d5404b99720" score = 75 
@@ -316838,8 +317310,8 @@ rule SIGNATURE_BASE_Dos_Down64 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1197-L1215" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1197-L1215" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "43e455e43b49b953e17a5b885ffdcdf8b6b23226" logic_hash = "d181c2075762fc3bb5b61bcdef57eb6533cb59dde03c4b901b6ce5b8323f3c8a" score = 75 @@ -316867,8 +317339,8 @@ rule SIGNATURE_BASE_Epathobj_Exp32 : FILE date = "2015-06-13" modified = "2022-12-21" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1217-L1235" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1217-L1235" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ed86ff44bddcfdd630ade8ced39b4559316195ba" logic_hash = "8959837257848a08240d0423971b9d3a850a7e9cc796de2c9b2d34814923f8ec" score = 75 
@@ -316895,8 +317367,8 @@ rule SIGNATURE_BASE_Tools_Unknown : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1237-L1254" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1237-L1254" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4be8270c4faa1827177e2310a00af2d5bcd2a59f" logic_hash = "493bb63d4dd519efbf53a29fa44ef74f0a85943b2d9f49f11e3daa57c6b03d8e" score = 75 @@ -316923,8 +317395,8 @@ rule SIGNATURE_BASE_PLUGIN_Ajunk : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1256-L1271" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1256-L1271" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "eb430fcfe6d13b14ff6baa4b3f59817c0facec00" logic_hash = "e37504aab506138493ddc0979697502819824ef00c7931599130fafb5d84a7a9" score = 75 
@@ -316949,8 +317421,8 @@ rule SIGNATURE_BASE_Iisputscanner : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1273-L1316" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1273-L1316" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9869c70d6a9ec2312c749aa17d4da362fa6e2592" logic_hash = "b2af9003cef528610280866bf00a9716b4421a5f7c65e7c8ec3202af9a592de1" score = 75 @@ -317003,8 +317475,8 @@ rule SIGNATURE_BASE_Idtools_For_Winxp_Idttool_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1318-L1335" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1318-L1335" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "07feb31dd21d6f97614118b8a0adf231f8541a67" logic_hash = "831f42abd7374b2ca2b4115a73aae2123e2212b0854d4cc0950b8e66a28e38a3" score = 75 
@@ -317031,8 +317503,8 @@ rule SIGNATURE_BASE_Hkmjjiis6 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1337-L1358" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1337-L1358" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4cbc6344c6712fa819683a4bd7b53f78ea4047d7" logic_hash = "4ea95b7a5bd24e0dfdcef045d101b7f15e18b20f1328901bb340d9aaad336981" score = 75 @@ -317063,8 +317535,8 @@ rule SIGNATURE_BASE_Dos_Lcx : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1360-L1384" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1360-L1384" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b6ad5dd13592160d9f052bb47b0d6a87b80a406d" logic_hash = "bbe215fb27825b4f4bbfa71808ac945f341efbc70a21f79689065982a843d7f1" score = 75 
@@ -317098,8 +317570,8 @@ rule SIGNATURE_BASE_X_Way2_5_X_Way : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1386-L1407" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1386-L1407" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8ba8530fbda3e8342e8d4feabbf98c66a322dac6" logic_hash = "6261de5db1e7527f7726effe26ed5f88638e6cb378db4c99183dddcd42ae231f" score = 75 @@ -317130,8 +317602,8 @@ rule SIGNATURE_BASE_Tools_Sqlcmd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1409-L1428" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1409-L1428" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "99d56476e539750c599f76391d717c51c4955a33" logic_hash = "aa600f7c56d72d767e9ca51d8b1ee2b2c62302ea1afbed39e4670debd30c5247" score = 75 
@@ -317160,8 +317632,8 @@ rule SIGNATURE_BASE_Sword1_5 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1430-L1449" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1430-L1449" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "96ee5c98e982aa8ed92cb4cedb85c7fda873740f" logic_hash = "09e09f7ea16dc917388cbccb22a7abfed9b693a33d61698f0e838f029402c256" score = 75 @@ -317190,8 +317662,8 @@ rule SIGNATURE_BASE_Tools_Scan : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1451-L1466" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1451-L1466" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c580a0cc41997e840d2c0f83962e7f8b636a5a13" logic_hash = "d8bf2e4a4634f74ce548a5824090502f2ccef382bdbcaf795df711e88a325912" score = 75 
@@ -317216,8 +317688,8 @@ rule SIGNATURE_BASE_Dos_C : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1468-L1487" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1468-L1487" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3deb6bd52fdac6d5a3e9a91c585d67820ab4df78" logic_hash = "2865b50e6a323462fab39bd84571939c618cf6f00e147039f6e699ba4d195a00" score = 75 @@ -317246,8 +317718,8 @@ rule SIGNATURE_BASE_Arpsniffer : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1489-L1506" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1489-L1506" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7d8753f56fc48413fc68102cff34b6583cb0066c" logic_hash = "eb0a425be0fff87eb58689a4eee4b6729e8ee985e6224790111322d4b182caf1" score = 75 
@@ -317274,8 +317746,8 @@ rule SIGNATURE_BASE_Pw_Inspector_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1508-L1524" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1508-L1524" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e0a1117ee4a29bb4cf43e3a80fb9eaa63bb377bf" logic_hash = "7d2021ff471f03deb9e6d8b62fcb218ae3198f21fd7b8fa1fdd9b96228b8c2f8" score = 75 @@ -317301,8 +317773,8 @@ rule SIGNATURE_BASE_Datpcshare : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1526-L1542" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1526-L1542" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "87acb649ab0d33c62e27ea83241caa43144fc1c4" logic_hash = "15297a8019192371032fc11b966d1a89d951c176da6d64e80ca5a201f55341c0" score = 75 
@@ -317328,8 +317800,8 @@ rule SIGNATURE_BASE_Tools_Xport : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1544-L1565" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1544-L1565" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9584de562e7f8185f721e94ee3cceac60db26dda" logic_hash = "9eea73732643f74b4802af0672f5c3ab09cc54cfecd80f8903efc26b7ceaec29" score = 75 @@ -317360,8 +317832,8 @@ rule SIGNATURE_BASE_Pc_Xai : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1567-L1586" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1567-L1586" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f285a59fd931ce137c08bd1f0dae858cc2486491" logic_hash = "80659fcf1721b20f459ac0480401bdf643c95b46118d03320bc6d4e4ee4b67f7" score = 75 
@@ -317390,8 +317862,8 @@ rule SIGNATURE_BASE_Radmin_Hash : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1588-L1605" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1588-L1605" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "be407bd5bf5bcd51d38d1308e17a1731cd52f66b" logic_hash = "d6ee13a2ed30bb44471593386521f67be0d6ccd6f8a0ebf8557012a099f81d3d" score = 75 @@ -317418,8 +317890,8 @@ rule SIGNATURE_BASE_Oseditor : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1607-L1624" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1607-L1624" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6773c3c6575cf9cfedbb772f3476bb999d09403d" logic_hash = "6531c0b3c0f6123d9eda34ed028f05054e4805e5c329da4b29e4f37f9b5fc1b2" score = 75 
@@ -317446,8 +317918,8 @@ rule SIGNATURE_BASE_Goodtoolset_Ms11011 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1626-L1642" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1626-L1642" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5ad7a4962acbb6b0e3b73d77385eb91feb88b386" logic_hash = "99dd27eba7da44c71098446e17abfe626de91e899e28c2d2e99e7b54b9e0c825" score = 75 @@ -317473,8 +317945,8 @@ rule SIGNATURE_BASE_Freeversion_Release : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1644-L1662" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1644-L1662" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f42e4b5748e92f7a450eb49fc89d6859f4afcebb" logic_hash = "38722afb3b955aced2e68e2048a3268722524f61784dcb45c6a695b5684230eb" score = 75 
@@ -317502,8 +317974,8 @@ rule SIGNATURE_BASE_Churrasco : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1664-L1681" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1664-L1681" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a8d4c177948a8e60d63de9d0ed948c50d0151364" logic_hash = "36ca7c8d1579eeb571c182c033c312b3b231313b8950c1e24eeb3df793b004c4" score = 75 @@ -317530,8 +318002,8 @@ rule SIGNATURE_BASE_X64_Kiwicmd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1682-L1697" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1682-L1697" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "569ca4ff1a5ea537aefac4a04a2c588c566c6d86" logic_hash = "b49a70a49a67fbb57d643b38155482177f594bd1f01f5464c4f36b265aac48d8" score = 75 
@@ -317556,8 +318028,8 @@ rule SIGNATURE_BASE_Sql1433_SQL : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1699-L1715" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1699-L1715" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "025e87deadd1c50b1021c26cb67b76b476fafd64" logic_hash = "5ceecc4f345cb603a0b03180f3f09f97e5f951b5d75c469aefffe3ec62916a8f" score = 75 @@ -317581,8 +318053,8 @@ rule SIGNATURE_BASE_Cookietools2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1717-L1733" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1717-L1733" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cb67797f229fdb92360319e01277e1345305eb82" logic_hash = "8ddb8ea0bc047877d91f25375745ab8fa66af28b6b41de36e0fb16ea8284fce5" score = 75 
@@ -317608,8 +318080,8 @@ rule SIGNATURE_BASE_Cyclotron : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1735-L1752" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1735-L1752" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5b63473b6dc1e5942bf07c52c31ba28f2702b246" logic_hash = "f3a0edf54039479c9f4e46b20249465bbe1bca57f47afeba37965e6e3fc0127f" score = 75 @@ -317636,8 +318108,8 @@ rule SIGNATURE_BASE_Xscan_Gui : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1754-L1770" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1754-L1770" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a9e900510396192eb2ba4fb7b0ef786513f9b5ab" logic_hash = "366db7eb19725a0a42ce371d7bfb50a22a259f0bc0252927af626e8c1c0b9b59" score = 75 
@@ -317663,8 +318135,8 @@ rule SIGNATURE_BASE_CN_Tools_Hscan : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1772-L1792" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1772-L1792" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "17a743e40790985ececf5c66eaad2a1f8c4cffe8" logic_hash = "9bc4800249bffcc4b8fc1191d600f0b9b2a7b0c1f067039c83c03671a0b4b5c5" score = 75 @@ -317694,8 +318166,8 @@ rule SIGNATURE_BASE_Goodtoolset_Pr : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1794-L1812" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1794-L1812" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f6676daf3292cff59ef15ed109c2d408369e8ac8" logic_hash = "0673bc445422f4339c9e81ff8ae8a9b2bb9bc1f107b85fe34906444a1754c43b" score = 75 
@@ -317723,8 +318195,8 @@ rule SIGNATURE_BASE_Hydra_7_4_1_Hydra : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1814-L1832" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1814-L1832" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3411d0380a1c1ebf58a454765f94d4f1dd714b5b" logic_hash = "f52696cbf7355c982d1a1e0c73dce65324845c5ffc13c541e326720332b4788d" score = 75 @@ -317752,8 +318224,8 @@ rule SIGNATURE_BASE_CN_Tools_Srss_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1834-L1856" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1834-L1856" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c418b30d004051bbf1b2d3be426936b95b5fea6f" logic_hash = "e674ac7a99a67e2ebe8b4c4232e3435dd041b794f6c08a87ef7b8179127d6fc7" score = 75 
@@ -317784,8 +318256,8 @@ rule SIGNATURE_BASE_Dos_Ntgod : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1858-L1874" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1858-L1874" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "adefd901d6bbd8437116f0170b9c28a76d4a87bf" logic_hash = "77b9204add5d25dcc36eabc07cabea2bdc67a23873c2faf7706e7fba5ed53f8b" score = 75 @@ -317811,8 +318283,8 @@ rule SIGNATURE_BASE_CN_Tools_Vnclink : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1876-L1891" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1876-L1891" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cafb531822cbc0cfebbea864489eebba48081aa1" logic_hash = "21328e2a871dfcfda47991a1f1e897efd27471420d644c09a94004cf5b0f9869" score = 75 
@@ -317837,8 +318309,8 @@ rule SIGNATURE_BASE_Tools_Ntcmd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1893-L1911" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1893-L1911" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a3ae8659b9a673aa346a60844208b371f7c05e3c" logic_hash = "c2487306a0d82ab76a048c001361c25bcd61d0f7a57a3b22df1c70299f0a72ba" score = 75 @@ -317866,8 +318338,8 @@ rule SIGNATURE_BASE_Mysql_Pwd_Crack : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1913-L1930" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1913-L1930" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "57d1cb4d404688804a8c3755b464a6e6248d1c73" logic_hash = "d272b98a6cf2749482ee501734d0043564ba528770161cb0ed4f032409305f22" score = 75 
@@ -317894,8 +318366,8 @@ rule SIGNATURE_BASE_Cmdshell64 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1932-L1951" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1932-L1951" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5b92510475d95ae5e7cd6ec4c89852e8af34acf1" logic_hash = "fd8010ab2ab51feed62475f840ffaeef92cf1266c139b8f669b7fa5ff646fdab" score = 75 @@ -317924,8 +318396,8 @@ rule SIGNATURE_BASE_Ms_Viru_V : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1953-L1971" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1953-L1971" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ecf4ba6d1344f2f3114d52859addee8b0770ed0d" logic_hash = "028b589c11eeacb2edfeeaeaebf2da370e540cba964c9ebbb19e4c734afe190f" score = 75 
@@ -317953,8 +318425,8 @@ rule SIGNATURE_BASE_CN_Tools_Vscan : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1973-L1990" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1973-L1990" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0365fe05e2de0f327dfaa8cd0d988dbb7b379612" logic_hash = "2bbf0a3fb2b3fc9b646c6f8fc021f65a38e1b64edd74301481051541f8938902" score = 75 @@ -317981,8 +318453,8 @@ rule SIGNATURE_BASE_Dos_Iis : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L1992-L2011" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L1992-L2011" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "61ffd2cbec5462766c6f1c44bd44eeaed4f3d2c7" logic_hash = "d6852af79eac659f4dfa3019793290e0498739f02a06c5540cd7d2c65b46b960" score = 75 
@@ -318011,8 +318483,8 @@ rule SIGNATURE_BASE_Iisputscannesr : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2013-L2027" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2013-L2027" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2dd8fee20df47fd4eed5a354817ce837752f6ae9" logic_hash = "27c190050aabcdff3713b388adb0113ad2334c107a2a7b3d682c209b102cf642" score = 75 @@ -318036,8 +318508,8 @@ rule SIGNATURE_BASE_HKTL_Unknown_CN_Generate : FILE date = "2015-06-13" modified = "2022-01-20" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2029-L2047" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2029-L2047" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2cb4c3916271868c30c7b4598da697f59e9c7a12" logic_hash = "a83000880bd71f4ee6507cb448b611cb670a47a4dc47c400930d3a41ca594a5d" score = 75 
@@ -318064,8 +318536,8 @@ rule SIGNATURE_BASE_Pc_Rejoice : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2049-L2067" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2049-L2067" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fe634a9f5d48d5c64c8f8bfd59ac7d8965d8f372" logic_hash = "9e22a98b5065a95a7f169fda8d6d4112101bffa11a1407e03ec152db41857206" score = 75 @@ -318093,8 +318565,8 @@ rule SIGNATURE_BASE_Ms11080_Withcmd : FILE date = "2015-06-13" modified = "2022-12-21" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2069-L2087" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2069-L2087" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "745e5058acff27b09cfd6169caf6e45097881a49" logic_hash = "cd7167269538a5dd197260682ad777f87e43cc2155acf3ce731d1a065395cf4a" score = 75 
@@ -318121,8 +318593,8 @@ rule SIGNATURE_BASE_Othertools_Xiaoa : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2089-L2107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2089-L2107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6988acb738e78d582e3614f83993628cf92ae26d" logic_hash = "451ed602bd1e9dd7e4020108ea133b60c546965bd77be349d07be42150f80fee" score = 75 @@ -318150,8 +318622,8 @@ rule SIGNATURE_BASE_Unknown2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2109-L2128" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2109-L2128" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "32508d75c3d95e045ddc82cb829281a288bd5aa3" logic_hash = "dea499eaa87cc454a31672fb842539779926d50785ef827162fde84bfcdcc54a" score = 75 
@@ -318180,8 +318652,8 @@ rule SIGNATURE_BASE_Hydra_7_3_Hydra : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2130-L2147" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2130-L2147" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2f82b8bf1159e43427880d70bcd116dc9e8026ad" logic_hash = "23194c2df0b8bdedc4fc66c423b0aebb10217de328a194b26560d4cc9a5531e3" score = 75 @@ -318208,8 +318680,8 @@ rule SIGNATURE_BASE_Oraclescan : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2149-L2165" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2149-L2165" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "10ff7faf72fe6da8f05526367b3522a2408999ec" logic_hash = "b9454f47123c32d6c6b51722aeadac9acc2a6232c259703c36ea00c83d8977e6" score = 75 
@@ -318235,8 +318707,8 @@ rule SIGNATURE_BASE_Sqltools : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2167-L2186" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2167-L2186" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "38a9caa2079afa2c8d7327e7762f7ed9a69056f7" logic_hash = "35b84c3445e92d61ca5e638a2eb19128dca2174327c6325436287d8d3f0bb976" score = 75 @@ -318266,8 +318738,8 @@ rule SIGNATURE_BASE_HKTL_Portscanner_533_NET_Jun15 : FILE modified = "2023-12-05" old_rule_name = "portscanner" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2188-L2205" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2188-L2205" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1de367d503fdaaeee30e8ad7c100dd1e320858a4" logic_hash = "446cbc1b8046bfd182e0b1c98fe37c8b8ef98f600f5d80d9de83b45aeaf2b386" score = 75 
@@ -318293,8 +318765,8 @@ rule SIGNATURE_BASE_Kappfree : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2207-L2222" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2207-L2222" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e57e79f190f8a24ca911e6c7e008743480c08553" logic_hash = "b1b644f9b033ac8372369e81628ee3f6fe094f80d11b8f4f6c192a5e81d2e543" score = 75 @@ -318319,8 +318791,8 @@ rule SIGNATURE_BASE_Smartniff : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2224-L2239" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2224-L2239" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "67609f21d54a57955d8fe6d48bc471f328748d0a" logic_hash = "bac770ae3c8e7f619da0b0ff4243716ff8212dce0f36c08c127af892548fe0b6" score = 75 
@@ -318345,8 +318817,8 @@ rule SIGNATURE_BASE_Chinachopper_Caidao : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2241-L2259" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2241-L2259" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "056a60ec1f6a8959bfc43254d97527b003ae5edb" logic_hash = "7e16a452c98e36a4946bcede5552bef7f6fc82314b28b506307cf010a0890ea6" score = 75 @@ -318374,8 +318846,8 @@ rule SIGNATURE_BASE_Kiwitaskmgr_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2261-L2276" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2261-L2276" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8bd6c9f2e8be3e74bd83c6a2d929f8a69422fb16" logic_hash = "6d197e9b7bb9bbd759d6c8c882f7d7412512ba10208cb52a08fcde5e32fd1733" score = 75 
@@ -318400,8 +318872,8 @@ rule SIGNATURE_BASE_Kappfree_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2278-L2294" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2278-L2294" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5d578df9a71670aa832d1cd63379e6162564fb6b" logic_hash = "1862f1283e8a268f523b3922b3630ebbca9a81cc5aed19e5068315e6346d25c2" score = 75 @@ -318427,8 +318899,8 @@ rule SIGNATURE_BASE_X_Way2_5_Sqlcmd : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2296-L2324" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2296-L2324" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5152a57e3638418b0d97a42db1c0fc2f893a2794" logic_hash = "59fd25a786d56885e456fca154800a8313cd04a23fd9374361cc37b86be109a1" score = 75 
@@ -318466,8 +318938,8 @@ rule SIGNATURE_BASE_Win32_Klock : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2326-L2341" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2326-L2341" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7addce4434670927c4efaa560524680ba2871d17" logic_hash = "e9f1d38de15ce06d55cf276e0f2becd9f9dbf5bd22f9061de03761d7ccdd3e60" score = 75 @@ -318492,8 +318964,8 @@ rule SIGNATURE_BASE_Ipsearcher : FILE date = "2015-06-13" modified = "2022-12-21" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2343-L2360" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2343-L2360" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1e96e9c5c56fcbea94d26ce0b3f1548b224a4791" logic_hash = "e63349ede826bc7b0e9c94d122e5b294c11a598fcf7096b80be726146e796a80" score = 75 
@@ -318519,8 +318991,8 @@ rule SIGNATURE_BASE_Ms10048_X64 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2362-L2378" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2362-L2378" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "418bec3493c85e3490e400ecaff5a7760c17a0d0" logic_hash = "f6e353a9e4f751632ca5fda1663f0ba66b16b60df90570ccdaf836eaaa6a78ca" score = 75 @@ -318546,8 +319018,8 @@ rule SIGNATURE_BASE_Hscangui : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2380-L2396" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2380-L2396" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "af8aced0a78e1181f4c307c78402481a589f8d07" logic_hash = "9c0eb87dcf8aa107b5289d196650aebcf49c24f57a317de0afdadd61fb5bb5b7" score = 75 
@@ -318573,8 +319045,8 @@ rule SIGNATURE_BASE_Goodtoolset_Ms11080 : FILE date = "2015-06-13" modified = "2022-12-21" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2398-L2417" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2398-L2417" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f0854c49eddf807f3a7381d3b20f9af4a3024e9f" logic_hash = "a5b03dded6146dae48bca962e7c5419c2ea69f8709ae7f2c9355bd178d5d77fb" score = 75 @@ -318602,8 +319074,8 @@ rule SIGNATURE_BASE_Epathobj_Exp64 : FILE date = "2015-06-13" modified = "2022-12-21" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2419-L2438" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2419-L2438" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "09195ba4e25ccce35c188657957c0f2c6a61d083" logic_hash = "dc4073a7d319cffbbce7b3c7b7cf02b007839b72fe14ec1fbdcd3343d57cf7bf" score = 75 
@@ -318631,8 +319103,8 @@ rule SIGNATURE_BASE_Kelloworld_2 : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2440-L2455" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2440-L2455" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "55d5dabd96c44d16e41f70f0357cba1dda26c24f" logic_hash = "a575c30c06bd84196cbf01a9b5ef3a042cf29553610421b019227d30a2c7ad1c" score = 75 @@ -318657,8 +319129,8 @@ rule SIGNATURE_BASE_Hscan_V1_20_Hscan : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2457-L2474" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2457-L2474" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "568b06696ea0270ee1a744a5ac16418c8dacde1c" logic_hash = "8e30c366c5d5c34a7b50ba4dec17a46c173196b773fff6965891802bcebeb112" score = 75 
@@ -318685,8 +319157,8 @@ rule SIGNATURE_BASE__Project1_Generate_Rejoice : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2476-L2497" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2476-L2497" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b66bb4d392881468b33a8ee4458f33bfe7a82d34cc3927eedccd54ad94ff6a04" score = 75 quality = 85 @@ -318717,8 +319189,8 @@ rule SIGNATURE_BASE__Hscan_Hscan_Hscangui : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2499-L2519" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2499-L2519" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5466c3dd8b2b777186bfab9d0948905eb3692ce05cf4748fb5b7b896dc3cb251" score = 75 quality = 85 
@@ -318748,8 +319220,8 @@ rule SIGNATURE_BASE_Kiwi_Tools : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2521-L2554" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2521-L2554" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ce7b3c7d57740257013d9d589444a3b53e81254619bd3f09ece917c70bba03ce" score = 75 quality = 85 @@ -318792,8 +319264,8 @@ rule SIGNATURE_BASE_Kiwi_Tools_Gentil_Kiwi : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktools.yar#L2556-L2587" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktools.yar#L2556-L2587" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1a88bb31e985ae2119b578494ce9130204b41eece5929865c0822cdc82eaba75" score = 75 quality = 85 
@@ -318834,8 +319306,8 @@ rule SIGNATURE_BASE_MAL_Compromised_Cert_Ducktail_Stealer_Jun23 : FILE date = "2023-06-16" modified = "2023-08-12" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ducktail_compromised_certs_jun23.yar#L2-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ducktail_compromised_certs_jun23.yar#L2-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9b7916700359d662e99003727f5293f5a937254ff265c3bc8bb8763e196daa0e" score = 80 quality = 85 @@ -318876,8 +319348,8 @@ rule SIGNATURE_BASE_Emdivi_SFX : FILE date = "2015-08-20" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bluetermite_emdivi.yar#L9-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bluetermite_emdivi.yar#L9-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3257983c64c52f36b04e3fe7b12180a37531338349137d4df00fc6f704557b2e" score = 70 quality = 85 
@@ -318904,8 +319376,8 @@ rule SIGNATURE_BASE_Emdivi_Gen1 : FILE date = "2015-08-20" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bluetermite_emdivi.yar#L32-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bluetermite_emdivi.yar#L32-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e1895926f6327bf301b8618f9162cacb30ad96f181f197559d399675e2cd93c6" score = 80 quality = 85 @@ -318941,8 +319413,8 @@ rule SIGNATURE_BASE_Emdivi_Gen2 : FILE date = "2015-08-20" modified = "2023-01-27" reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bluetermite_emdivi.yar#L62-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bluetermite_emdivi.yar#L62-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c40306d646c5bf8c3aff1bc697b81997b4d635ccf237775e2bea96b89f7fa001" score = 80 quality = 85 
@@ -318973,8 +319445,8 @@ rule SIGNATURE_BASE_MAL_Emdivi_Gen3 : FILE date = "2015-08-20" modified = "2023-01-06" reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bluetermite_emdivi.yar#L87-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bluetermite_emdivi.yar#L87-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ff89a0855481d723f23e0c00f6b6eaf912e6df3a7e9ebe4ff1e6ccf2b02f0888" score = 80 quality = 85 @@ -319004,8 +319476,8 @@ rule SIGNATURE_BASE_Emdivi_Gen4 : FILE date = "2015-08-20" modified = "2023-12-05" reference = "https://securelist.com/blog/research/71876/new-activity-of-the-blue-termite-apt/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bluetermite_emdivi.yar#L116-L143" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bluetermite_emdivi.yar#L116-L143" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9c1645023ceefdb849cf4b0e60de8c608bfd5e15d3aac6d16d68a36140a8ebed" score = 80 quality = 79 
@@ -319041,8 +319513,8 @@ rule SIGNATURE_BASE_Greenbug_Malware_1 : FILE date = "2017-01-25" modified = "2023-12-05" reference = "https://goo.gl/urp4CD" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_greenbug.yar#L12-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_greenbug.yar#L12-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e060a197dec0ce5da385abd282f0c4397bace8945b36198955925d02444b37a3" score = 75 quality = 85 @@ -319066,8 +319538,8 @@ rule SIGNATURE_BASE_Greenbug_Malware_2 : FILE date = "2017-01-25" modified = "2023-12-05" reference = "https://goo.gl/urp4CD" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_greenbug.yar#L28-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_greenbug.yar#L28-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "25a9e1f08187f3d3cd0ec1384a5f4647c3368b99062f2e0d7d45c6c2ffeb66e0" score = 75 quality = 85 
@@ -319102,8 +319574,8 @@ rule SIGNATURE_BASE_Greenbug_Malware_3 date = "2017-01-25" modified = "2023-12-05" reference = "https://goo.gl/urp4CD" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_greenbug.yar#L56-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_greenbug.yar#L56-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f4e8672da2ed9d90d4ebfccca977c4aeb93656d9e467cf479699cefd03611f32" score = 75 quality = 85 @@ -319130,8 +319602,8 @@ rule SIGNATURE_BASE_Greenbug_Malware_4 : FILE date = "2017-01-25" modified = "2023-12-05" reference = "https://goo.gl/urp4CD" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_greenbug.yar#L75-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_greenbug.yar#L75-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "869832536d838e062227ccd3b84f8559d2215360c0e09ec791db623d7d3d7a3b" score = 75 quality = 85 
@@ -319167,8 +319639,8 @@ rule SIGNATURE_BASE_Greenbug_Malware_5 : FILE date = "2017-01-25" modified = "2023-01-27" reference = "https://goo.gl/urp4CD" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_greenbug.yar#L103-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_greenbug.yar#L103-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cdb4b2447e7eb3546b33a804abf5fbc20817823e5c9440109db7b44adf90899d" score = 75 quality = 85 @@ -319199,8 +319671,8 @@ rule SIGNATURE_BASE_Greenbug_Malware_Nov17_1 : FILE date = "2017-11-26" modified = "2023-12-05" reference = "http://www.clearskysec.com/greenbug/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_greenbug.yar#L141-L169" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_greenbug.yar#L141-L169" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "afd006d7e53cdedbed5938e5dea71273dd21a1382239bac03194662e95d053c8" score = 75 quality = 83 
@@ -319232,8 +319704,8 @@ rule SIGNATURE_BASE_Armitage_Msfconsole : FILE date = "2017-12-24" modified = "2022-08-18" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_armitage.yar#L14-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_armitage.yar#L14-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cf9df9858ca584288288fd0b55fdcf65aeea410f25531ee3d8cf48c30d23824a" score = 75 quality = 85 @@ -319257,8 +319729,8 @@ rule SIGNATURE_BASE_Armitage_Meterpretersession_Strings : FILE date = "2017-12-24" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_armitage.yar#L33-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_armitage.yar#L33-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3a21a42df8f15e3e81c797feb284edfe2de7d1c182547e8606f0e48dc08f6939" score = 75 quality = 85 
@@ -319285,8 +319757,8 @@ rule SIGNATURE_BASE_Armitage_OSX : FILE date = "2017-12-24" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_armitage.yar#L52-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_armitage.yar#L52-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "25c94b9715fdc10d0e04eea7d5b9974e60f3e248f51b80de80542b169996fc7a" score = 75 quality = 85 @@ -319312,12 +319784,12 @@ rule SIGNATURE_BASE_Persistence_Agent_Macos : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://ghostbin.com/paste/mz5nf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_osx_pyagent_persistence.yar#L1-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_osx_pyagent_persistence.yar#L1-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4288a81779a492b5b02bad6e90b2fa6212fa5f8ee87cc5ec9286ab523fc02446 cec7be2126d388707907b4f9d681121fd1e3ca9f828c029b02340ab1331a5524 e1cf136be50c4486ae8f5e408af80b90229f3027511b4beed69495a042af95be" logic_hash = "2613fcb32cbdbb24df6c48fcb5d16549783e50246d2cdb8c473375644dd88254" score = 75 - quality = 58 + quality = 83 tags = "FILE" strings: 
@@ -319345,8 +319817,8 @@ rule SIGNATURE_BASE_MAL_Crime_Win32_Loader_Guloader_1_Experimental : FILE date = "2020-05-04" modified = "2023-12-05" reference = "https://twitter.com/VK_Intel/status/1257206565146370050" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_guloader.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_guloader.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "03b7e0251b1c08798ce310cc4c11adfaa3071409d608c91c30d5fc7e28a079de" score = 50 quality = 85 @@ -319369,8 +319841,8 @@ rule SIGNATURE_BASE_Visualdiscovery_Lonovo_Superfish_SSL_Hijack : FILE date = "2015-02-19" modified = "2023-12-05" reference = "https://twitter.com/4nc4p/status/568325493558272000" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/threat_lenovo_superfish.yar#L4-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/threat_lenovo_superfish.yar#L4-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0f156a51dccafe32467b64251507928b1c7a1b04595063aa66aa69da6c4cc4fc" score = 75 quality = 85 
@@ -319398,8 +319870,8 @@ rule SIGNATURE_BASE_Metasploit_Loader_Rsmudge : FILE date = "2016-04-20" modified = "2023-12-05" reference = "https://github.com/rsmudge/metasploit-loader" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_metasploit_loader_rsmudge.yar#L10-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_metasploit_loader_rsmudge.yar#L10-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "50b1898e3087a5e0876b87179252c452af48e00bbef52297060d70acd90d0133" score = 75 quality = 85 @@ -319427,8 +319899,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_Malicious_Samples_Mar23_1 : FILE date = "2023-03-29" modified = "2023-04-20" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L3-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L3-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "68f4007791d365900c84e32e076aa3cac9f3a9ed46de297f1005306554ee13f5" score = 85 quality = 85 
@@ -319459,8 +319931,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_Malicious_Samples_Mar23_2 : FILE date = "2023-03-29" modified = "2023-12-05" reference = "https://twitter.com/dan__mayer/status/1641170769194672128?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L32-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L32-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dec8310c1f5b304a755737a0005bb33b1762f21ed380b2b98b0f5427948ab930" score = 80 quality = 60 @@ -319488,8 +319960,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_Malicious_Samples_Mar23_3 date = "2023-03-29" modified = "2023-12-05" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L56-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L56-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "adfe04904d796690631e5841ee1ee10c767f9f4c340e5b9df78918e981359d4d" score = 80 quality = 85 
@@ -319516,8 +319988,8 @@ rule SIGNATURE_BASE_SUSP_APT_MAL_NK_3CX_Malicious_Samples_Mar23_1 date = "2023-03-29" modified = "2023-04-20" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L81-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L81-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dcce1f5e769a2821d746a960cd333f8042fb71c8469aa41c29bbbd0dce79369c" score = 75 quality = 85 @@ -319542,8 +320014,8 @@ rule SIGNATURE_BASE_APT_SUSP_NK_3CX_RC4_Key_Mar23_1 : FILE date = "2023-03-29" modified = "2023-12-05" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L100-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L100-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8324b537b149ad3816b12ae0f887f66a284a8e1ef4fe7cf51eb21d59c0f055b9" score = 70 quality = 85 
@@ -319569,8 +320041,8 @@ rule SIGNATURE_BASE_SUSP_3CX_App_Signed_Binary_Mar23_1 : FILE date = "2023-03-29" modified = "2023-12-05" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L119-L139" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L119-L139" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3834b5ebb5a0db27a452fda1c97c921b2c9c8702505738232b15a3ed4a47dc47" score = 65 quality = 85 @@ -319595,8 +320067,8 @@ rule SIGNATURE_BASE_SUSP_3CX_MSI_Signed_Binary_Mar23_1 : FILE date = "2023-03-29" modified = "2023-12-05" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L141-L166" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L141-L166" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b0fa9821a02803473ce8139b19d005968b03c9765cff5b9ae5428a259d88cc9f" score = 60 quality = 85 
@@ -319622,8 +320094,8 @@ rule SIGNATURE_BASE_APT_MAL_Macos_NK_3CX_Malicious_Samples_Mar23_1 : FILE date = "2023-03-30" modified = "2023-12-05" reference = "https://www.reddit.com/r/crowdstrike/comments/125r3uu/20230329_situational_awareness_crowdstrike/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L168-L184" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L168-L184" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c2733c2f7dcca82e5a0b2301777fb54853d04dfa893bcf88ecbec34d37e1a38a" score = 80 quality = 85 @@ -319648,8 +320120,8 @@ rule SIGNATURE_BASE_APT_MAL_Macos_NK_3CX_DYLIB_Mar23_1 date = "2023-03-30" modified = "2023-12-05" reference = "https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L188-L214" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e52c76de1e995cc7084ddb390b60f4bc66e5bdf89aaa28ef3fd70578ed3145a6" score = 80 quality = 85 
@@ -319681,8 +320153,8 @@ rule SIGNATURE_BASE_APT_SUSP_NK_3CX_Malicious_Samples_Mar23_1 date = "2023-03-30" modified = "2023-12-05" reference = "https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L216-L232" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L216-L232" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6ab8a4ac184eaba6eb56bfc49d6fa03f9b0877d75294aa9a242e9ac96482fab0" score = 70 quality = 85 @@ -319707,8 +320179,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_Malicious_Samples_Mar23_4 date = "2023-03-29" modified = "2023-12-05" reference = "https://twitter.com/WhichbufferArda/status/1641404343323688964?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L234-L249" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L234-L249" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "851c2c99ebafd4e5e9e140cfe3f2d03533846ca16f8151ae8ee0e83c692884b7" logic_hash = "2fd56527a094b1f155cf33af402328835d4fb8aee9a058742d3e3763acef9e46" score = 80 
@@ -319732,8 +320204,8 @@ rule SIGNATURE_BASE_MAL_3Cxdesktopapp_Macos_Backdoor_Mar23 : FILE date = "2023-03-30" modified = "2023-12-05" reference = "https://www.volexity.com/blog/2023/03/30/3cx-supply-chain-compromise-leads-to-iconic-incident/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L251-L275" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a64fa9f1c76457ecc58402142a8728ce34ccba378c17318b3340083eeb7acc67" logic_hash = "777a0a29c376f3697021dd627e716c31bda7933c5f40a8fe79b80e3cea46ce43" score = 80 @@ -319758,8 +320230,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_ICONIC_Stealer_Mar23_1 : FILE date = "2023-03-31" modified = "2023-12-05" reference = "https://github.com/volexity/threat-intel/blob/main/2023/2023-03-30%203CX/attachments/iconicstealer.7z" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L279-L304" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L279-L304" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1f57a2af4a5b9e71e2b72ddc3839400731d9d37eb4349c393b37b3f86c0c7f73" score = 80 quality = 85 
@@ -319788,8 +320260,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_3CX_Macos_Elextron_App_Mar23_1 : FILE date = "2023-03-31" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L306-L328" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L306-L328" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "00dd28c3edd94e04e35ee9e3a43c30b5a0a1ad21ec8ecf2099bbeb9de2fca8d0" score = 80 quality = 85 @@ -319815,8 +320287,8 @@ rule SIGNATURE_BASE_MAL_3Cxdesktopapp_Macos_Updateagent_Mar23 : FILE date = "2023-03-30" modified = "2023-12-05" reference = "https://twitter.com/patrickwardle/status/1641692164303515653?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L330-L354" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L330-L354" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9e9a5f8d86356796162cee881c843cde9eaedfb3" logic_hash = "0818a8f0b59a9baaefaa0b505f8261e0e0df283e79da8e95dc71e9afdca224ab" score = 80 
@@ -319842,8 +320314,8 @@ rule SIGNATURE_BASE_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23_2 date = "2023-04-29" modified = "2023-12-05" reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L373-L392" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L373-L392" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c4887a5cd6d98e273ba6e9ea3c1d8f770ef26239819ea24a1bfebd81d6870505" logic_hash = "a15f7f06be5e620baf33d595afc35246dae0307978984af832940a74ef2c84eb" score = 80 @@ -319870,8 +320342,8 @@ rule SIGNATURE_BASE_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23_3 date = "2023-04-29" modified = "2023-12-05" reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L394-L410" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L394-L410" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "595392959b609caf088d027a23443cf2fefd043607ccdec3de19ad3bb43a74b1" logic_hash = "58f860926db4a7dfefbd39ee35efaa0081b7e31a361efce02f5144266ab652a6" score = 80 
@@ -319896,8 +320368,8 @@ rule SIGNATURE_BASE_APT_MAL_VEILEDSIGNAL_Backdoor_Apr23_4 date = "2023-04-29" modified = "2023-12-05" reference = "https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_3cx_compromise_mar23.yar#L412-L428" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_3cx_compromise_mar23.yar#L412-L428" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9b0761f81afb102bb784b398b16faa965594e469a7fcfdfd553ced19cc17e70b" logic_hash = "ad22df404d948073428fc35b0c8fbfea25da3bc66e46ea6397ff751ae65d5939" score = 80 @@ -319922,8 +320394,8 @@ rule SIGNATURE_BASE_Fourelementsword_Config_File date = "2016-04-18" modified = "2023-12-05" reference = "https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_four_element_sword.yar#L11-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_four_element_sword.yar#L11-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f05cd0353817bf6c2cab396181464c31c352d6dea07e2d688def261dd6542b27" logic_hash = "680e50998093e63a4e3c7d5338ac149efef83cdb41ceb4ce0245e8bd2ab99b84" score = 75 
@@ -319950,8 +320422,8 @@ rule SIGNATURE_BASE_Fourelementsword_T9000 : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_four_element_sword.yar#L30-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_four_element_sword.yar#L30-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5f3d0a319ecc875cc64a40a34d2283cb329abcf79ad02f487fbfd6bef153943c" logic_hash = "1c7b063cbe9d44a9d194a180570f8313460f61560ac2cda5d66e048934170faa" score = 75 @@ -319979,8 +320451,8 @@ rule SIGNATURE_BASE_Fourelementsword_32DLL : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_four_element_sword.yar#L51-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_four_element_sword.yar#L51-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7a200c4df99887991c638fe625d07a4a3fc2bdc887112437752b3df5c8da79b6" logic_hash = "b44870975f126b8603db04b97b748f7a5a75675ffe57037f613c11d6048200b1" score = 75 
@@ -320006,8 +320478,8 @@ rule SIGNATURE_BASE_Fourelementsword_Keyainst_EXE : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_four_element_sword.yar#L70-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_four_element_sword.yar#L70-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cf717a646a015ee72f965488f8df2dd3c36c4714ccc755c295645fe8d150d082" logic_hash = "1491de3241a81cce4d80d6dc23886f1d8bf316112c48652a8138aa4cbadbb174" score = 75 @@ -320033,8 +320505,8 @@ rule SIGNATURE_BASE_Fourelementsword_Elevatedll_2 : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_four_element_sword.yar#L89-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_four_element_sword.yar#L89-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9c23febc49c7b17387767844356d38d5578727ee1150956164883cf555fe7f95" logic_hash = "d5fcb2bacfa0a1f78bfbd3fa7ba3084da9a60f1b8b7880c83d8f225312c179b4" score = 75 
@@ -320059,8 +320531,8 @@ rule SIGNATURE_BASE_Fourelementsword_Fslapi_Dll_Gui : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_four_element_sword.yar#L106-L121" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_four_element_sword.yar#L106-L121" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2a6ef9dde178c4afe32fe676ff864162f104d85fac2439986de32366625dc083" logic_hash = "909b187f864a240268d0ffcef904b85cd1eaad97dd3a3a808aad58968fbb76c2" score = 75 @@ -320085,8 +320557,8 @@ rule SIGNATURE_BASE_Fourelementsword_Powershell_Start date = "2016-04-18" modified = "2023-12-05" reference = "https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_four_element_sword.yar#L123-L137" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_four_element_sword.yar#L123-L137" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9b6053e784c5762fdb9931f9064ba6e52c26c2d4b09efd6ff13ca87bbb33c692" logic_hash = "7b1986845d97dcd11c8baddb0b49350ad30c6fff98840275befef4ad0b906b54" score = 75 
@@ -320110,8 +320582,8 @@ rule SIGNATURE_BASE_Fourelementsword_Resn32Dll date = "2016-04-18" modified = "2023-12-05" reference = "https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_four_element_sword.yar#L139-L154" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_four_element_sword.yar#L139-L154" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bf1b00b7430899d33795ef3405142e880ef8dcbda8aab0b19d80875a14ed852f" logic_hash = "9658ae3d1267993551cfb939f75f3d78de18cbeb2f524c2576b849103f3cacdc" score = 75 @@ -320136,8 +320608,8 @@ rule SIGNATURE_BASE_Fourelementsword_Elevatedll : FILE date = "2016-04-18" modified = "2023-12-05" reference = "https://www.arbornetworks.com/blog/asert/four-element-sword-engagement/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_four_element_sword.yar#L158-L179" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_four_element_sword.yar#L158-L179" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d110bae02f00d14c5a71ecf5991e9fc38b29d8056d1e551dc36376875d2e1333" score = 75 quality = 85 
@@ -320166,8 +320638,8 @@ rule SIGNATURE_BASE_SUSP_NET_Msil_Suspicious_Use_Strreverse : FILE date = "2023-01-31" modified = "2023-02-22" reference = "https://github.com/dr4k0nia/yara-rules" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_net_msil.yar#L2-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_net_msil.yar#L2-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "02ce0980427dea835fc9d9eed025dd26672bf2c15f0b10486ff8107ce3950701" logic_hash = "a7440600ee4826568d465d204e0a602f61752e4ffcfa3b4f29e5bc81c4d67b46" score = 70 @@ -320195,8 +320667,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Sep1_A1 : FILE date = "2017-09-12" modified = "2023-12-05" reference = "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dragonfly.yar#L13-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dragonfly.yar#L13-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d235dc964ac74d2b635251d07b2a9119b731a6c3c45b6b2a81ca88e6fc8b63b7" score = 75 quality = 85 
@@ -320216,8 +320688,8 @@ rule SIGNATURE_BASE_Dragonfly_APT_Sep17_1 : FILE date = "2017-09-12" modified = "2023-12-05" reference = "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dragonfly.yar#L29-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dragonfly.yar#L29-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c885fb690b7e047203529f0c4a6dd60dea822ce60a47e42b52d3216bc26da62e" score = 75 quality = 85 @@ -320242,8 +320714,8 @@ rule SIGNATURE_BASE_Dragonfly_APT_Sep17_2 : FILE date = "2017-09-12" modified = "2023-01-06" reference = "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dragonfly.yar#L46-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dragonfly.yar#L46-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "433711dd15c8d1044b381046747194e47402288df06da6bbc61055dc9c90f52a" score = 75 quality = 85 
@@ -320273,8 +320745,8 @@ rule SIGNATURE_BASE_Dragonfly_APT_Sep17_3 : FILE date = "2017-09-12" modified = "2023-12-05" reference = "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dragonfly.yar#L68-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dragonfly.yar#L68-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f564685eb1426d1a3eb888a888bfdf3a8fa9bc96af07fb0bc5f10c0a324f1d9d" score = 75 quality = 85 @@ -320300,8 +320772,8 @@ rule SIGNATURE_BASE_Dragonfly_APT_Sep17_4 : FILE date = "2017-09-12" modified = "2023-12-05" reference = "https://www.symantec.com/connect/blogs/dragonfly-western-energy-sector-targeted-sophisticated-attack-group" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dragonfly.yar#L91-L109" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dragonfly.yar#L91-L109" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "61af81f0cd1eccba3a1000e6715c9715e8e67849e5edd4279728a7e47bd8cb75" score = 75 quality = 85 
@@ -320329,8 +320801,8 @@ rule SIGNATURE_BASE_ROKRAT_Malware : FILE date = "2017-04-03" modified = "2021-09-14" reference = "http://blog.talosintelligence.com/2017/04/introducing-rokrat.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rokrat.yar#L8-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rokrat.yar#L8-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8b8fa3f97ce13e501cc25b89e2cfdaf785f1cb9f57a9dbd3461596b1bc6178c2" score = 75 quality = 85 @@ -320364,8 +320836,8 @@ rule SIGNATURE_BASE_ROKRAT_Dropper_Nov17 : FILE date = "2017-11-28" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rokrat.yar#L48-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rokrat.yar#L48-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4a444342a4fb4d10aaf8efb5c26954847ce1089c9cec37d1ab3b03e0ac566c6c" score = 75 quality = 85 
@@ -320386,8 +320858,8 @@ rule SIGNATURE_BASE_Freeenki_Infostealer_Nov17 : FILE date = "2017-11-28" modified = "2023-01-06" reference = "http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rokrat.yar#L63-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rokrat.yar#L63-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e823ef5506b2fdf30a6ff9bdf6eee552b767b66a6c007a30618fc212d598b540" score = 75 quality = 85 @@ -320420,8 +320892,8 @@ rule SIGNATURE_BASE_Freeenki_Infostealer_Nov17_Export_Sig_Testing : FILE date = "2017-11-28" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2017/11/ROKRAT-Reloaded.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rokrat.yar#L94-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rokrat.yar#L94-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2c6d8784aa976501a77441c4e705b7fdc9654277e8cd3f6d966967fb2e1cd724" score = 50 quality = 85 
@@ -320441,8 +320913,8 @@ rule SIGNATURE_BASE_ROKRAT_Nov17_1 : FILE date = "2017-11-28" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_rokrat.yar#L110-L127" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_rokrat.yar#L110-L127" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "12641d417408ef32292204f620efa3d1347238fa1c6f63b2b6f09a6c660e9e24" score = 75 quality = 85 @@ -320469,8 +320941,8 @@ rule SIGNATURE_BASE_Tscookie_RAT : FILE date = "2018-03-06" modified = "2023-12-05" reference = "http://blog.jpcert.or.jp/2018/03/malware-tscooki-7aa0.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_tscookie_rat.yar#L13-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_tscookie_rat.yar#L13-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c6121c541a77219b17351787973a4bc06a8d941ebd5f9e5e1e14ad4740a3fe7b" score = 75 quality = 85 
@@ -320496,11 +320968,11 @@ rule SIGNATURE_BASE_Rtf_CVE_2018_0802 : CVE_2018_0802 FILE date = "2023-12-05" modified = "2023-12-05" reference = "http://www.freebuf.com/vuls/159789.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2018_0802.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2018_0802.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ac1cd4f2162d2c8415e2ee5167cabb8e8aff08a06afe244f5bfe099f2d3fbeb4" score = 75 - quality = 58 + quality = 83 tags = "CVE-2018-0802, FILE" strings: @@ -320519,8 +320991,8 @@ rule SIGNATURE_BASE_APT_Apt_Duqu2_Loaders : FILE date = "2015-06-09" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_kaspersky_duqu2.yar#L10-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_kaspersky_duqu2.yar#L10-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "79f205745e61b55c43c239d9da9086fd72312ea2741351183d32f7c227174ff8" score = 75 quality = 83 
@@ -320557,8 +321029,8 @@ rule SIGNATURE_BASE_APT_Apt_Duqu2_Drivers : FILE date = "2015-06-09" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_kaspersky_duqu2.yar#L40-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_kaspersky_duqu2.yar#L40-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "023a51408f86814a8f810d0f89b185aca07dd60a1abb6de47f86ad8eeda4c4c4" score = 75 quality = 85 @@ -320586,8 +321058,8 @@ rule SIGNATURE_BASE_Duqu2_Generic1 : FILE date = "2015-06-10" modified = "2023-12-05" reference = "https://goo.gl/7yKyOj" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_kaspersky_duqu2.yar#L61-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_kaspersky_duqu2.yar#L61-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "742934198391bd30da654bf8efedc2a18c58dd0de357b2bcdbdbe8066187b0c2" score = 75 quality = 85 
@@ -320626,8 +321098,8 @@ rule SIGNATURE_BASE_APT_Kaspersky_Duqu2_Procexp : FILE date = "2015-06-10" modified = "2023-12-05" reference = "https://goo.gl/7yKyOj" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_kaspersky_duqu2.yar#L92-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_kaspersky_duqu2.yar#L92-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dd63f0eebc88fa0737905f20dc30dc968df81b7976a86ed8ed5646f7708c4b4a" score = 75 quality = 85 @@ -320658,8 +321130,8 @@ rule SIGNATURE_BASE_APT_Kaspersky_Duqu2_Samsungprint : FILE date = "2015-06-10" modified = "2023-12-05" reference = "https://goo.gl/7yKyOj" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_kaspersky_duqu2.yar#L116-L134" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_kaspersky_duqu2.yar#L116-L134" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ce39f41eb4506805efca7993d3b0b506ab6776ca" logic_hash = "9b2d80cfe3c47ac315b76c773acc3290668e06e4bbd99402e203b72af593fab8" score = 75 
@@ -320687,8 +321159,8 @@ rule SIGNATURE_BASE_APT_Kaspersky_Duqu2_Msi3_32 : FILE date = "2015-06-10" modified = "2023-12-05" reference = "https://goo.gl/7yKyOj" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_kaspersky_duqu2.yar#L136-L157" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_kaspersky_duqu2.yar#L136-L157" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "53d9ef9e0267f10cc10f78331a9e491b3211046b" logic_hash = "718223d1ff82ffa0f3204e0cdaf0d441ed133f1f069d9ba2eb818bd3445f63ca" score = 75 @@ -320719,8 +321191,8 @@ rule SIGNATURE_BASE_Bitpaymer_1 date = "2023-12-05" modified = "2023-12-05" reference = "http://blog.morphisec.com/bitpaymer-ransomware-with-new-custom-packer-framework" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_crime_bitpaymer.yar#L1-L12" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_crime_bitpaymer.yar#L1-L12" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c236794c04f0805d4611cfaf43369eeb4d0e65d6c697e6c5e6afd321fbca629" score = 75 quality = 85 
@@ -320742,8 +321214,8 @@ rule SIGNATURE_BASE_APT28_Hospitalitymalware_Document : FILE date = "2017-10-02" modified = "2023-12-05" reference = "http://csecybsec.com/download/zlab/APT28_Hospitality_Malware_report.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_hospitality.yar#L3-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_hospitality.yar#L3-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "33c69e03e00c90dc0b673cdb042f8f979552086414bda9c9f17f3785214b05af" score = 75 quality = 85 @@ -320767,8 +321239,8 @@ rule SIGNATURE_BASE_APT28_Hospitalitymalware_Mvtband_File date = "2017-10-02" modified = "2023-12-05" reference = "http://csecybsec.com/download/zlab/APT28_Hospitality_Malware_report.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_hospitality.yar#L20-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_hospitality.yar#L20-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d5da333444e7c9f023d9c6d8d1dec617859efdb26f9f6bc41e22ef27d2e3059a" score = 75 quality = 85 
@@ -320791,8 +321263,8 @@ rule SIGNATURE_BASE_MAL_PHISH_Shellcode_Enc_Payload_Feb25 : FILE date = "2025-02-14" modified = "2025-03-20" reference = "https://x.com/dtcert/status/1890384162818802135" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_phish_feb25.yar#L1-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_phish_feb25.yar#L1-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "247e6a648bb22d35095ba02ef4af8cfe0a4cdfa25271117414ff2e3a21021886" logic_hash = "144323294a8353956adf7a9b2a316e1e7606e882f85b8187c016d5acdcc254cc" score = 80 @@ -320814,8 +321286,8 @@ rule SIGNATURE_BASE_MAL_PHISH_Final_Payload_Feb25 date = "2025-02-14" modified = "2025-03-20" reference = "https://x.com/dtcert/status/1890384162818802135" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_phish_feb25.yar#L16-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_phish_feb25.yar#L16-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "de384aba6b0c6800095eb530954aa718d4ed96cccfc0b1e5e4d01404f3518a77" logic_hash = "3251d68a019d873987966d46c9e474e5a1ebbca4a33a8bf1e3c3ce119db8ab8c" score = 80 
@@ -320843,8 +321315,8 @@ rule SIGNATURE_BASE_SUSP_Sysinternals_Desktops_Anomaly_Feb25 : FILE date = "2025-02-14" modified = "2025-03-20" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_phish_feb25.yar#L37-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_phish_feb25.yar#L37-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5b8f64e090c7c9012e656c222682dfae7910669c7b7afaca35829cd1cc2eac17" hash = "d0f7f3f58e0dfcfd81235379bb5a236f40be490207d3bf45f190a264879090db" hash = "a83dc4d69a3de72aed4d1933db2ca120657f06adc6683346afbd267b8b7d27d0" @@ -320874,8 +321346,8 @@ rule SIGNATURE_BASE_SUSP_PE_Compromised_Certificate_Feb25 : FILE date = "2025-02-14" modified = "2025-03-20" reference = "https://x.com/DTCERT/status/1890384162818802135" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_phish_feb25.yar#L62-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_phish_feb25.yar#L62-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5b8f64e090c7c9012e656c222682dfae7910669c7b7afaca35829cd1cc2eac17" hash = "d0f7f3f58e0dfcfd81235379bb5a236f40be490207d3bf45f190a264879090db" hash = "a83dc4d69a3de72aed4d1933db2ca120657f06adc6683346afbd267b8b7d27d0" 
@@ -320905,8 +321377,8 @@ rule SIGNATURE_BASE_Teledoor_Backdoor : FILE date = "2017-07-05" modified = "2023-12-05" reference = "https://goo.gl/CpfJQQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_teledoor.yar#L11-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_teledoor.yar#L11-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "785360fa19a61a547309fc7a8968c94d4887be001c6a66b41c7adb9dcd13cb82" score = 75 quality = 85 @@ -320933,8 +321405,8 @@ rule SIGNATURE_BASE_APT_NK_MAL_Keylogger_Unknown_Nov19_1 : FILE date = "2019-11-06" modified = "2023-12-05" reference = "https://twitter.com/CNMF_VirusAlert/status/1192131508007505921" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_gen.yar#L2-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_gen.yar#L2-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a3b5c82cb8aa09e3c1b955bb175046e86f96da1f187eb46df83caaaf9e1370b2" score = 75 quality = 85 
@@ -320976,8 +321448,8 @@ rule SIGNATURE_BASE_MAL_Backnet_Nov18_1 : FILE date = "2018-11-02" modified = "2023-12-05" reference = "https://github.com/valsov/BackNet" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_backnet.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_backnet.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ea809a65a3cd786efe03ff7d831847e658851f76ee9dd084cb6c622b6e44c75f" score = 75 quality = 85 @@ -321005,8 +321477,8 @@ rule SIGNATURE_BASE_Emissary_APT_Malware_1 : FILE date = "2016-01-02" modified = "2023-12-05" reference = "http://goo.gl/V0epcf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_emissary.yar#L8-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_emissary.yar#L8-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cab20ac0c17dcc5cb9d0c9f4cffe47e5880acd9dee935cb0eb1ef59579a23f17" score = 75 quality = 85 
@@ -321050,8 +321522,8 @@ rule SIGNATURE_BASE_Fidelis_Advisory_Purchase_Order_Pps date = "2015-06-09" modified = "2023-12-05" reference = "http://goo.gl/ZjJyti" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fidelis_phishing_plain_sight.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fidelis_phishing_plain_sight.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "45cfee6413accff36a39ced861a29c611d6efe24e1ca87f17467106f8565642b" score = 75 quality = 85 @@ -321073,8 +321545,8 @@ rule SIGNATURE_BASE_Fidelis_Advisory_Cedt370 date = "2015-06-09" modified = "2023-12-05" reference = "http://goo.gl/ZjJyti" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fidelis_phishing_plain_sight.yar#L16-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fidelis_phishing_plain_sight.yar#L16-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1070d3c63a7091c0982e67134f9dc3cd790bb0b5c2ac08f3a00e3b97ef53d64b" score = 75 quality = 85 
@@ -321098,8 +321570,8 @@ rule SIGNATURE_BASE_ATM_Malware_XFSADM_1 : FILE date = "2019-06-21" modified = "2023-12-05" reference = "https://twitter.com/r3c0nst/status/1149043362244308992" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_atm_xfsadm.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_atm_xfsadm.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f2c1761407c5e499be43e546badd27428821f828a470fd3e3dcddd08db04aaa5" score = 75 quality = 85 @@ -321131,8 +321603,8 @@ rule SIGNATURE_BASE_APT28_CHOPSTICK : FILE date = "2015-06-02" modified = "2023-12-05" reference = "https://goo.gl/v3ebal" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt28.yar#L10-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt28.yar#L10-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f4db2e0881f83f6a2387ecf446fcb4a4c9f99808" logic_hash = "750b2d5157856e0ffd840406eec601ded51ced7ccb20b577f336bbaf32681835" score = 60 
@@ -321163,8 +321635,8 @@ rule SIGNATURE_BASE_APT28_Sourface_Malware1 : FILE date = "2015-06-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt28.yar#L34-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt28.yar#L34-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2ec1e5db74b5abe1da0d454b5e901bd808a0be318235f25d713cfdc4aea8d6d7" score = 60 quality = 85 @@ -321189,8 +321661,8 @@ rule SIGNATURE_BASE_APT28_Sourface_Malware2 : FILE date = "2015-06-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt28.yar#L52-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt28.yar#L52-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ed0424e61ca3243241e32d4f744398d263d7e35de15d94e9c6f816dc7349c267" score = 60 quality = 85 
@@ -321219,8 +321691,8 @@ rule SIGNATURE_BASE_APT28_Sourface_Malware3 : FILE date = "2015-06-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2014/10/apt28-a-window-into-russias-cyber-espionage-operations.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt28.yar#L74-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt28.yar#L74-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "894fc2913cf1fa8aecb3052e762d4403124fcbdb2148edb23a9117c2f2b8eddc" score = 60 quality = 85 @@ -321253,8 +321725,8 @@ rule SIGNATURE_BASE_APT28_Skinnyboy_Dropper : RUSSIA FILE date = "2021-05-24" modified = "2023-12-05" reference = "https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt28.yar#L103-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt28.yar#L103-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9e29ed985fac8701f72f0860fe101272c3c3342ef6857e30d32f5fea14822945" score = 75 quality = 85 
@@ -321278,8 +321750,8 @@ rule SIGNATURE_BASE_APT28_Skinnyboy_Launcher : RUSSIA FILE date = "2021-05-24" modified = "2023-12-05" reference = "https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt28.yar#L120-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt28.yar#L120-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cbb7a6e0114a9556a99ab3f5601664f430b650b2de0b44fe0178a99f21082e8d" score = 75 quality = 85 @@ -321311,8 +321783,8 @@ rule SIGNATURE_BASE_APT28_Skinnyboy_Implanter : RUSSIA FILE date = "2021-05-24" modified = "2023-12-05" reference = "https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt28.yar#L143-L159" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt28.yar#L143-L159" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f5b8944910297988ecf5aecf23d20c384cf141a3a0972baadfacc4969dc46e7c" score = 75 quality = 85 
@@ -321338,8 +321810,8 @@ rule SIGNATURE_BASE_EXT_HKTL_Nighthawk_RAT : FILE date = "2022-11-22" modified = "2025-07-01" reference = "https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_nighthawk_c2.yar#L3-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_nighthawk_c2.yar#L3-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "46404445e1fee89b598b0d42888f793dd602533cff2f72524800597af5b61197" score = 75 quality = 85 @@ -321370,8 +321842,8 @@ rule SIGNATURE_BASE_HKTL_MAL_Nighthawk_Nov_2022_1 : NIGHTHAWK BEACON FILE date = "2022-11-22" modified = "2025-07-01" reference = "https://web.archive.org/web/20221125224850/https://www.proofpoint.com/us/blog/threat-insight/nighthawk-and-coming-pentest-tool-likely-gain-threat-actor-notice" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_nighthawk_c2.yar#L32-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_nighthawk_c2.yar#L32-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8dec7752ee6e1af87129ce7ac09130f94a20807c4f45ceb1fce434358ac727bf" score = 75 quality = 85 
@@ -321398,8 +321870,8 @@ rule SIGNATURE_BASE_Apt_Nix_Elf_Derusbi_1 : FILE date = "2016-02-29" modified = "2023-05-04" reference = "https://github.com/fideliscyber/indicators/tree/master/FTA-1021" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turbo_campaign.yar#L1-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turbo_campaign.yar#L1-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "61ef65a1500d3def3376a82bc376db451d202d18b03855ee279b6c01757deb2a" score = 75 quality = 83 @@ -321456,8 +321928,8 @@ rule SIGNATURE_BASE_Apt_Nix_Elf_Derusbi_Kernelmodule_1 : FILE date = "2016-02-29" modified = "2023-05-04" reference = "https://github.com/fideliscyber/indicators/tree/master/FTA-1021" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turbo_campaign.yar#L51-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turbo_campaign.yar#L51-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fab37e2dbe05c694da6e428aa922747b276c2827cbbd2b6c8002f0cc30c2870c" score = 75 quality = 85 
@@ -321497,8 +321969,8 @@ rule SIGNATURE_BASE_Apt_Nix_Elf_Derusbi_Linux_Sharedmemcreation_1 : FILE date = "2016-02-29" modified = "2023-12-05" reference = "https://github.com/fideliscyber/indicators/tree/master/FTA-1021" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turbo_campaign.yar#L85-L96" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turbo_campaign.yar#L85-L96" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "adbdccea9ea7aefcca18d659c027a49e7e2e053873b77ddaf369203b3e301033" score = 75 quality = 85 @@ -321519,8 +321991,8 @@ rule SIGNATURE_BASE_Apt_Nix_Elf_Derusbi_Linux_Strings_1 : FILE date = "2016-02-29" modified = "2023-12-05" reference = "https://github.com/fideliscyber/indicators/tree/master/FTA-1021" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turbo_campaign.yar#L98-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turbo_campaign.yar#L98-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b54b406a562247d4c3d4a9c4d1b7584bdcecfe5b6c76867c04770e016eeb8c9a" score = 75 quality = 83 
@@ -321554,8 +322026,8 @@ rule SIGNATURE_BASE_Apt_Win_Exe_Trojan_Derusbi_1 : FILE date = "2016-02-29" modified = "2023-12-05" reference = "https://github.com/fideliscyber/indicators/tree/master/FTA-1021" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_turbo_campaign.yar#L130-L189" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_turbo_campaign.yar#L130-L189" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "02fb4da724b257aef0ec0fecfe5b7a25a23fe4dd5baae0ddd2d21350b9af34e9" score = 75 quality = 83 @@ -321605,8 +322077,8 @@ rule SIGNATURE_BASE_Apt_Sofacy_Xtunnel : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_xtunnel_bundestag.yar#L3-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_xtunnel_bundestag.yar#L3-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2478d9d8996bf4a142e39eac0e2d6af718d364be080a89530812615595777efd" score = 75 quality = 85 
@@ -321642,8 +322114,8 @@ rule SIGNATURE_BASE_Winexe_Remoteexec : FILE date = "2015-06-19" modified = "2021-02-11" reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_xtunnel_bundestag.yar#L26-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_xtunnel_bundestag.yar#L26-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9e944f07b43b934346c0e88685014c05ff81561ac2f7c3374b55b9c4523b98c1" score = 70 quality = 85 @@ -321670,8 +322142,8 @@ rule SIGNATURE_BASE_Sofacy_Mal2 : FILE date = "2015-06-19" modified = "2023-12-05" reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_xtunnel_bundestag.yar#L50-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_xtunnel_bundestag.yar#L50-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "566ab945f61be016bfd9e83cc1b64f783b9b8deb891e6d504d3442bc8281b092" logic_hash = "c325ed815b7de3338363d064f4097edf0596644d4ef8d642fda3664a2a16c2eb" score = 70 
@@ -321696,8 +322168,8 @@ rule SIGNATURE_BASE_Sofacy_Mal3 : FILE date = "2015-06-19" modified = "2023-01-06" reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_xtunnel_bundestag.yar#L69-L99" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_xtunnel_bundestag.yar#L69-L99" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5f6b2a0d1d966fc4f1ed292b46240767f4acb06c13512b0061b434ae2a692fa1" logic_hash = "80c433cf5b3d042e46b5441a1b027c5ecf571f30571064904a33e92677633e66" score = 70 @@ -321731,8 +322203,8 @@ rule SIGNATURE_BASE_Sofacy_Bundestag_Batch : FILE date = "2015-06-19" modified = "2023-12-05" reference = "http://dokumente.linksfraktion.de/inhalt/report-orig.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_xtunnel_bundestag.yar#L101-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_xtunnel_bundestag.yar#L101-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "05d6df161042a65f9eeec4be4046001a03fa61747a9ea123f13e6e75d6664ac7" score = 70 quality = 85 
@@ -321757,8 +322229,8 @@ rule SIGNATURE_BASE_APT_APT10_Malware_Imphash_Dec18_1 : FILE date = "2018-12-28" modified = "2023-12-05" reference = "AlienVault OTX IOCs - statistical sample analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt10.yar#L1390-L1406" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt10.yar#L1390-L1406" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d6e2f23f3809e7a7064bfe4859db3480454a9c8b21ffac2e1e8b7b8a8906de93" score = 75 quality = 85 @@ -321776,12 +322248,12 @@ rule SIGNATURE_BASE_FE_Webshell_PL_ATRIUM_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L12-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L12-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ca0175d86049fa7c796ea06b413857a3" logic_hash = "869b397616495c644beb997602eac84ddcdbacce4c14755c555f5bda36663ca2" score = 75 - quality = 60 + quality = 85 tags = "" strings: 
@@ -321801,12 +322273,12 @@ rule SIGNATURE_BASE_FE_Trojan_SH_ATRIUM_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L29-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L29-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a631b7a8a11e6df3fccb21f4d34dbd8a" logic_hash = "672a293660d89d5d7d62a658c360bad0b6408611d8794744b17a81e6a75ceea7" score = 75 - quality = 35 + quality = 60 tags = "" strings: @@ -321827,12 +322299,12 @@ rule SIGNATURE_BASE_FE_APT_Webshell_PL_HARDPULSE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L46-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L46-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "980cba9e82faf194edb6f3cc20dc73ff" logic_hash = "37fc40fd998d3294edb05707170bc2deec524fc6451bff212901f9ac3e34bb35" score = 75 - quality = 58 + quality = 83 tags = "" strings: 
@@ -321856,8 +322328,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_Linux32_LOCKPICK_1 : FILE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L66-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L66-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e8bfd3f5a2806104316902bbe1195ee8" logic_hash = "1623c2dc63fe7d595069a024b715bbca267ec1c9400afcadc377ae58afb81a2a" score = 75 @@ -321880,8 +322352,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_Linux32_PACEMAKER : FILE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L81-L98" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L81-L98" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d7881c4de4d57828f7e1cab15687274b" logic_hash = "f3f89744ce558179f36da3b412ba4afb3798684e6d976ef59de565b5a3323ad6" score = 75 
@@ -321907,8 +322379,8 @@ rule SIGNATURE_BASE_FE_APT_Trojan_Linux_PACEMAKER : FILE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L99-L115" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L99-L115" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d7881c4de4d57828f7e1cab15687274b" logic_hash = "cf83024cbbd500a301ac3c859b680cd79acabc232ea6f42c23fe9f8918a8d914" score = 75 @@ -321933,8 +322405,8 @@ rule SIGNATURE_BASE_FE_APT_Webshell_PL_PULSECHECK_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L116-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L116-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a1dcdf62aafc36dd8cf64774dea80d79fb4e24ba2a82adf4d944d9186acd1cc1" logic_hash = "aba457dd33232ef37ca145c5b7cd9c5fe809730339a55c5e90ac46b4a136f6cb" score = 75 
@@ -321963,12 +322435,12 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_PULSEJUMP_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L137-L153" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L137-L153" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "91ee23ee24e100ba4a943bb4c15adb4c" logic_hash = "c9aa2b9ef8aff14c20ed6597b1a71eafc3e3c181aabf9a3a68df18945207ff86" score = 75 - quality = 60 + quality = 85 tags = "" strings: @@ -321989,12 +322461,12 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_QUIETPULSE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L154-L172" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L154-L172" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "00575bec8d74e221ff6248228c509a16" logic_hash = "226a56369e141834d4834400bbf1a006bbb6e9b39e16e24b0106bff1a9c202a9" score = 75 - quality = 58 + quality = 83 tags = "" strings: 
@@ -322017,12 +322489,12 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_RADIALPULSE_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L173-L190" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L173-L190" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d72daafedf41d484f7f9816f7f076a9249a6808f1899649b7daa22c0447bb37b" logic_hash = "d65a466cc15214d8e26597588c039a6b9fb4637ef8f3b1ebea27f016fbd5cba8" score = 75 - quality = 58 + quality = 83 tags = "" strings: @@ -322044,12 +322516,12 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_RADIALPULSE_2 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L191-L208" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L191-L208" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4a2a7cbc1c8855199a27a7a7b51d0117" logic_hash = "4ade993176c918ec23e99fc585e9ab14d9f9e93a7eca00f2c3b0ebbd13d6ec5b" score = 75 - quality = 60 + quality = 85 tags = "" strings: 
@@ -322071,12 +322543,12 @@ rule SIGNATURE_BASE_FE_APT_Trojan_PL_RADIALPULSE_3 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L209-L226" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L209-L226" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4a2a7cbc1c8855199a27a7a7b51d0117" logic_hash = "025308591e058de284f949fd4f788e4a4f46bb2f6c0e1161237f1f811d8179ba" score = 75 - quality = 60 + quality = 85 tags = "" strings: @@ -322098,8 +322570,8 @@ rule SIGNATURE_BASE_FE_APT_Backdoor_Linux32_SLOWPULSE_1 : FILE date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L227-L244" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L227-L244" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cd09ec795a8f4b6ced003500a44d810f49943514e2f92c81ab96c33e1c0fbd68" logic_hash = "c1d92ea4ed8e5934c8356e1e52092935c53a138e454026737448f7f523ea06be" score = 75 
@@ -322125,8 +322597,8 @@ rule SIGNATURE_BASE_FE_APT_Webshell_PL_STEADYPULSE_1 date = "2021-04-16" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_pulsesecure.yar#L265-L284" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_pulsesecure.yar#L265-L284" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "168976797d5af7071df257e91fcc31ce1d6e59c72ca9e2f50c8b5b3177ad83cc" logic_hash = "a0e3ebdd02ccf5cc8fc0a83c1d0224aed45dc5094eb85bd855e5b74b34e3aaaf" score = 75 @@ -322154,8 +322626,8 @@ rule SIGNATURE_BASE_Windivert_Driver : FILE date = "2017-10-02" modified = "2023-12-05" reference = "https://www.reqrypt.org/windivert.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_pua.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_pua.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "db2933396e015e906114bd04f75a5b5caf0564494224f533a6e00c1fa5421568" score = 40 quality = 85 
@@ -322183,8 +322655,8 @@ rule SIGNATURE_BASE_APT_MAL_RU_WIN_Snake_Malware_May23_1 : MEMORY date = "2023-05-10" modified = "2025-03-21" reference = "https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_mal_ru_snake_may23.yar#L17-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_mal_ru_snake_may23.yar#L17-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7cff7152259bb17a9b72b91f0fbef220aad2f35a1d2758d7225316a9896bf845" score = 70 quality = 71 @@ -322214,8 +322686,8 @@ rule SIGNATURE_BASE_APT_MAL_RU_Snake_Indicators_May23_1 date = "2023-05-10" modified = "2025-03-21" reference = "https://media.defense.gov/2023/May/09/2003218554/-1/-1/0/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_mal_ru_snake_may23.yar#L45-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_mal_ru_snake_may23.yar#L45-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cb7a4ad2ee0868f17b6235f070e4c03e2394e3c252253f334b29ad26116b09e5" score = 85 quality = 35 
@@ -322259,8 +322731,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell : FILE date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "977ee0fdf0e92ccea6b71fea7b2c7aed2965c6966d8af86230ccb0f95b286694" score = 70 quality = 85 @@ -322286,8 +322758,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell_Ziparchivefile date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L30-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L30-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c15e7022f45ec211ba635d6cd31bab16f4fb0d3038fb19d5765e0f751c14a826" score = 80 quality = 85 
@@ -322308,8 +322780,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell_Perlnetworkscript : FILE date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L44-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L44-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b170c07a005e737c8069f2cc63f869d4d3ff6593b3bfca5bcaf02d7808da6852" score = 90 quality = 85 @@ -322334,8 +322806,8 @@ rule SIGNATURE_BASE_WEBSHELL_PAS_Webshell_Sqldumpfile date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L64-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L64-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c34abcada22fdf462fd66cc2da18ab9e54215defc6f7a7a95b5a80d1155a2ffe" score = 90 quality = 85 
@@ -322356,8 +322828,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_Key date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L78-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L78-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "056503a2c240a641cd2292a30ab1090e3a358cb4d57dca83b836ecb1bc62ed6b" score = 80 quality = 85 @@ -322378,8 +322850,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_Name_Encrypted date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L92-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L92-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f65d59381403534a2c2f39d66c7c62bf1540eafc9aad1ad73de1809e91c42446" score = 80 quality = 85 
@@ -322400,11 +322872,11 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_File_Plaintext date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L106-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L106-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "536327d5216372a3fd2f4dad0a21be2778ce2930212daf0a8628ecbdab49b46e" score = 80 - quality = 60 + quality = 85 tags = "" strings: @@ -322422,8 +322894,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Configuration_File_Ciphertext date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L120-L132" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L120-L132" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9dc7ee5b0a218a2b5be652e137fa090c944c3ddb0f699f521a72896668210813" score = 80 quality = 85 
@@ -322444,8 +322916,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Socket_Path date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L134-L146" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L134-L146" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8c049b5a7b508ca0f160d166f3c726e4a23a2c5b3105d075d7bf7a301a1c58f6" score = 80 quality = 85 @@ -322466,8 +322938,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Task_Names date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L148-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L148-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "193482da1e2b9509fa9c65d46edc56057f7b5d44b7408d918d4a9cbb60736dab" score = 80 quality = 85 
@@ -322495,8 +322967,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Struct date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L169-L185" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L169-L185" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "312d0598fa85837f94023036468fcae50e8b2de532430a944befa8090afe79f6" score = 80 quality = 85 @@ -322521,8 +322993,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Strings_Typo date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L187-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L187-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "65e6de743eb9fc742674c7e54eef8a376963a6fd4380bacd03fe6f92d4235920" score = 80 quality = 85 
@@ -322546,8 +323018,8 @@ rule SIGNATURE_BASE_APT_MAL_Sandworm_Exaramel_Strings date = "2021-02-15" modified = "2024-05-25" reference = "https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_centreon.yar#L204-L232" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_centreon.yar#L204-L232" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9d2790e60184ed973b2735263d0a997f32af0beacc9ea8ef65926fe6507011d5" score = 80 quality = 85 @@ -322580,8 +323052,8 @@ rule SIGNATURE_BASE_PHISH_02Dez2015_Dropped_P0O6543F_1 : FILE date = "2015-12-02" modified = "2023-12-05" reference = "http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_phish_gina_dec15.yar#L8-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_phish_gina_dec15.yar#L8-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "db788d6d3a8ed1a6dc9626852587f475e7671e12fa9c9faa73b7277886f1e210" logic_hash = "91fc1b4682c1490b916b11685e1ecc74a964d657e544c0b84e8301b299154d02" score = 75 
@@ -322612,8 +323084,8 @@ rule SIGNATURE_BASE_PHISH_02Dez2015_Dropped_P0O6543F_2 : FILE date = "2015-12-03" modified = "2023-12-05" reference = "http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_phish_gina_dec15.yar#L31-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_phish_gina_dec15.yar#L31-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f5eb21d0f635171e1edcfecc909bc3508dfb6c32e7fdd7263edd5cd98e6ba411" score = 75 quality = 85 @@ -322639,8 +323111,8 @@ rule SIGNATURE_BASE_PHISH_02Dez2015_Attach_P_ORD_C_10156_124658 : FILE date = "2015-12-02" modified = "2023-12-05" reference = "http://myonlinesecurity.co.uk/purchase-order-124658-gina-harrowell-clinimed-limited-word-doc-or-excel-xls-spreadsheet-malware/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_phish_gina_dec15.yar#L49-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_phish_gina_dec15.yar#L49-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a2820b024b371447eab71f153b6251776719cfe55e08cb2a3cda5ee6da29949d" score = 75 quality = 85 
@@ -322674,8 +323146,8 @@ rule SIGNATURE_BASE_HTA_With_Wscript_Shell date = "2017-06-21" modified = "2023-12-05" reference = "https://twitter.com/msftmmpc/status/877396932758560768" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_hta_anomalies.yar#L11-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_hta_anomalies.yar#L11-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7ce2728fbd3023a6b96291cdb63f30dc9b71e5fc506f8b00ad97e3062b103478" score = 80 quality = 85 @@ -322699,8 +323171,8 @@ rule SIGNATURE_BASE_HTA_Embedded date = "2017-06-21" modified = "2023-12-05" reference = "https://twitter.com/msftmmpc/status/877396932758560768" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_hta_anomalies.yar#L28-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_hta_anomalies.yar#L28-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "843f0ad5e39e5492db8ff7372f6d2038e7dbb7823ec9b33f863ab891a108b1ec" score = 50 quality = 85 
@@ -322723,8 +323195,8 @@ rule SIGNATURE_BASE_Apolmy_Privesc_Trojan : FILE date = "2015-08-04" modified = "2023-12-05" reference = "https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_terracotta.yar#L11-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_terracotta.yar#L11-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d7bd289e6cee228eb46a1be1fcdc3a2bd5251bc1eafb59f8111756777d8f373d" logic_hash = "8cce828806d5829735d6ac8d28a48c9b016b96b4370b2f3ac139799a9fe13c4a" score = 80 @@ -322749,8 +323221,8 @@ rule SIGNATURE_BASE_Mithozhan_Trojan : FILE date = "2015-08-04" modified = "2023-12-05" reference = "https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_terracotta.yar#L29-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_terracotta.yar#L29-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8553b945e2d4b9f45c438797d6b5e73cfe2899af1f9fd87593af4fd7fb51794a" logic_hash = "a7beb030368cc6e1119617991b68e6fa1bf2d1f6eee28e83fef7862313f19d30" score = 70 
@@ -322775,8 +323247,8 @@ rule SIGNATURE_BASE_Remoteexec_Tool : FILE date = "2015-08-04" modified = "2023-12-05" reference = "https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_terracotta.yar#L47-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_terracotta.yar#L47-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a550131e106ff3c703666f15d55d9bc8c816d1cb9ac1b73c2e29f8aa01e53b78" logic_hash = "951cc65e14c2ff035ccc06d080730b1c25208caa1d30129074a6150557a5cebe" score = 75 @@ -322804,8 +323276,8 @@ rule SIGNATURE_BASE_Liudoor_Malware_1 : FILE date = "2015-08-04" modified = "2023-12-05" reference = "https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_terracotta.yar#L69-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_terracotta.yar#L69-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9ef9fcc5df910e796d8b015396cf37614982ebbf9be6f6a4a8d271d4263a36a9" score = 70 quality = 85 
@@ -322834,8 +323306,8 @@ rule SIGNATURE_BASE_Liudoor_Malware_2 : FILE date = "2015-08-04" modified = "2023-12-05" reference = "https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_terracotta.yar#L91-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_terracotta.yar#L91-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "12cc72fb147f2d580f9f9e2a9bdfbec3f7b0e977871a27ccc941cd0b1aaa634c" score = 70 quality = 85 @@ -322862,8 +323334,8 @@ rule SIGNATURE_BASE_Datper_Backdoor : FILE date = "2017-08-21" modified = "2023-12-05" reference = "http://blog.jpcert.or.jp/2017/08/detecting-datper-malware-from-proxy-logs.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_tick_datper.yar#L13-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_tick_datper.yar#L13-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eacdc648226f20fa3847f0b5e8cafcee59cc1c6274cabb885db297f5b5fceafb" score = 75 quality = 85 
@@ -322896,8 +323368,8 @@ rule SIGNATURE_BASE_SUSP_Email_Suspicious_Onenote_Attachment_Jan23_1 : FILE date = "2023-01-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_onenote_phish.yar#L2-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_onenote_phish.yar#L2-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c7c5fc86f1dbe54da2d3ff8f039c5e53c3d1f67c9271cb467b2318310f744f93" score = 65 quality = 85 @@ -322935,8 +323407,8 @@ rule SIGNATURE_BASE_SUSP_Email_Suspicious_Onenote_Attachment_Jan23_2 : FILE date = "2023-01-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_onenote_phish.yar#L41-L61" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_onenote_phish.yar#L41-L61" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eb6f992ce186022f04613af3bf4df629b00d85eac151f8bbd4b8ef96e6892eab" score = 65 quality = 85 
@@ -322961,8 +323433,8 @@ rule SIGNATURE_BASE_SUSP_Onenote_Embedded_Filedatastoreobject_Type_Jan23_1 : FIL date = "2023-01-27" modified = "2023-02-27" reference = "https://blog.didierstevens.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_onenote_phish.yar#L63-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_onenote_phish.yar#L63-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d91ca297ea96f80534085f174d335ffe961c569534f043c5c2ae8d6a9f7ac083" score = 65 quality = 85 @@ -323012,8 +323484,8 @@ rule SIGNATURE_BASE_SUSP_Onenote_Embedded_Filedatastoreobject_Type_Jan23_2 : FIL date = "2023-01-27" modified = "2023-12-05" reference = "https://blog.didierstevens.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_onenote_phish.yar#L108-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_onenote_phish.yar#L108-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bc07598570b6d4ebc5d14cedfed146c1ad309b8890bc0b9ee5f9ad645c1352e2" score = 65 quality = 85 
@@ -323035,8 +323507,8 @@ rule SIGNATURE_BASE_Quarkspwdump_Gen date = "2015-09-29" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_quarkspwdump.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_quarkspwdump.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "327235260076f97c29acc1ca997205d08ef55fad795594fe2268f1d8e666d636" score = 80 quality = 85 @@ -323068,8 +323540,8 @@ rule SIGNATURE_BASE_Badrabbit_Gen : FILE date = "2017-10-25" modified = "2023-12-05" reference = "https://pastebin.com/Y7pJv3tK" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_badrabbit.yar#L11-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_badrabbit.yar#L11-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "21c63a02d0284ce759b087f4869c4ed8e6b50c37ffeb724538567e28aeae16ac" score = 75 quality = 85 
@@ -323107,8 +323579,8 @@ rule SIGNATURE_BASE_Badrabbit_Mimikatz_Comp : FILE date = "2017-10-25" modified = "2023-12-05" reference = "https://pastebin.com/Y7pJv3tK" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_badrabbit.yar#L42-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_badrabbit.yar#L42-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9d12d9331686a54e8d32f94761e4889710bbd2432d4cb2e4e7e3f21ef6aa082a" score = 75 quality = 85 @@ -323134,8 +323606,8 @@ rule SIGNATURE_BASE_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 : CVE_2024_47177 FILE date = "2024-09-27" modified = "2024-12-12" reference = "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cups_sep24.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cups_sep24.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "633314dea5e3cbdf3cef6e4f18c2efca261dfc600bb9c11d0834fdae102ac9e6" score = 75 quality = 85 
@@ -323157,8 +323629,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_LNX_CUPS_CVE_2024_47177_Sep24 : CVE_2024_47177 date = "2024-09-27" modified = "2024-12-12" reference = "https://github.com/OpenPrinting/cups-browsed/security/advisories/GHSA-rj88-6mr5-rcw8" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cups_sep24.yar#L17-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cups_sep24.yar#L17-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2158ca8a08cb7552e2a437de025e3aad63ddc5417245e6ede7283d3bd0fc159b" score = 65 quality = 85 @@ -323188,8 +323660,8 @@ rule SIGNATURE_BASE_Mal_Lockbit4_Hashing_Alg_Win_Feb24 : FILE date = "2024-02-16" modified = "2025-03-20" reference = "https://0x0d4y.blog/lockbit4-0-evasion-tales/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lockbit4_hashing_alg_win_feb24.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lockbit4_hashing_alg_win_feb24.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "062311f136d83f64497fd81297360cd4" logic_hash = "41497ea30a4cfdd111726a5819ec404a1eeba1693f5d6b89ac38558eb1c6bde9" score = 100 
@@ -323215,8 +323687,8 @@ rule SIGNATURE_BASE_Sofacy_Jun16_Sample1 : FILE date = "2016-06-14" modified = "2023-12-05" reference = "http://goo.gl/mzAa97" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_jun16.yar#L10-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_jun16.yar#L10-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "761cec3d04e6b5273cfb450000023ed10ea73d17648c0af7660f4ef2b37fc31c" score = 85 quality = 85 @@ -323240,8 +323712,8 @@ rule SIGNATURE_BASE_Sofacy_Jun16_Sample2 : FILE date = "2016-06-14" modified = "2023-12-05" reference = "http://goo.gl/mzAa97" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_jun16.yar#L27-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_jun16.yar#L27-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a1f334996527556334c34d0308da6165e9d2a3d7eb8b2ecc322b574dea4d4844" score = 85 quality = 85 
@@ -323271,8 +323743,8 @@ rule SIGNATURE_BASE_Sofacy_Jun16_Sample3 : FILE date = "2016-06-14" modified = "2023-12-05" reference = "http://goo.gl/mzAa97" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sofacy_jun16.yar#L51-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sofacy_jun16.yar#L51-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bdc6fcc30ebd7a966391747e4156a6d94dc9187e8b8898de4c441540ec4e637e" score = 85 quality = 85 @@ -323295,8 +323767,8 @@ rule SIGNATURE_BASE_PS_AMSI_Bypass : FILE date = "2017-07-19" modified = "2023-12-05" reference = "https://gist.github.com/mattifestation/46d6a2ebb4a1f4f0e7229503dc012ef1" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_scripts.yar#L4-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_scripts.yar#L4-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "87188c6cbb7d89c25faafb297a7c0e52321c661c84cdefd5604785c687190fcd" score = 65 quality = 85 
@@ -323318,8 +323790,8 @@ rule SIGNATURE_BASE_JS_Suspicious_Obfuscation_Dropbox date = "2017-07-19" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/887705105239343104" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_scripts.yar#L19-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_scripts.yar#L19-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "19d1dd25c4a5e18dca131709a64c3537278754ec9d67b0bb49bde9b1493d3dc7" score = 70 quality = 85 @@ -323342,8 +323814,8 @@ rule SIGNATURE_BASE_JS_Suspicious_MSHTA_Bypass date = "2017-07-19" modified = "2023-12-05" reference = "https://twitter.com/ItsReallyNick/status/887705105239343104" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_scripts.yar#L35-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_scripts.yar#L35-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "df68cac0da19c5705353f26fc3f2a99556b7230f9d4f52e7a2e35cb48997b699" score = 70 quality = 85 
@@ -323367,8 +323839,8 @@ rule SIGNATURE_BASE_Javascript_Run_Suspicious date = "2017-08-23" modified = "2023-12-05" reference = "https://twitter.com/craiu/status/900314063560998912" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_scripts.yar#L52-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_scripts.yar#L52-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "39d2292d3749c63780dc7ca7a2414ba02e2b0e1edec7ec6a16b42aba2c44c23a" score = 60 quality = 85 @@ -323391,8 +323863,8 @@ rule SIGNATURE_BASE_Certutil_Decode_OR_Download : FILE date = "2017-08-29" modified = "2023-10-19" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_scripts.yar#L70-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_scripts.yar#L70-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5640dcfedc028cc40b0376d328758b504eb1ff860da94648b435eadb760d9724" score = 40 quality = 85 
@@ -323420,8 +323892,8 @@ rule SIGNATURE_BASE_Suspicious_JS_Script_Content : FILE date = "2017-12-02" modified = "2023-12-05" reference = "Research on Leviathan https://goo.gl/MZ7dRg" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_scripts.yar#L95-L112" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_scripts.yar#L95-L112" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1dbc1a266d710a70a77c81d5b872d0d324423250a9f34455faef53ac4c41b5f2" score = 70 quality = 85 @@ -323447,8 +323919,8 @@ rule SIGNATURE_BASE_Universal_Exploit_Strings : FILE date = "2017-12-02" modified = "2023-12-05" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_scripts.yar#L114-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_scripts.yar#L114-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6436a1cf6d0acc3162ec99c95ef20b3e6dd110c77d5a0b26ac790551316c0a69" score = 50 quality = 85 
@@ -323474,8 +323946,8 @@ rule SIGNATURE_BASE_VBS_Obfuscated_Mal_Feb18_1 : FILE date = "2018-02-12" modified = "2023-12-05" reference = "https://goo.gl/zPsn83" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mal_scripts.yar#L133-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mal_scripts.yar#L133-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0bbd388a3103744df2434956c2b7ac12dacd72f9041b4cc014d31eec4115aedd" score = 75 quality = 85 @@ -323506,8 +323978,8 @@ rule SIGNATURE_BASE_Rottenpotato_Potato : FILE date = "2017-02-07" modified = "2022-12-21" reference = "https://github.com/foxglovesec/RottenPotato" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_rottenpotato.yar#L10-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_rottenpotato.yar#L10-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "79d2dfd5c2cfd12301c1924dce2ca2a2c3cc070565671c3e0cd69123d2245b1c" score = 90 quality = 85 
@@ -323538,8 +324010,8 @@ rule SIGNATURE_BASE_M_APT_Downloader_BEATDROP : FILE date = "2022-04-28" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_apr22.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_apr22.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7a766682cc9a057798cc569111bfcb611648c4a052c0dd664d983b80d5891255" score = 90 quality = 85 @@ -323564,8 +324036,8 @@ rule SIGNATURE_BASE_M_APT_Downloader_BOOMMIC : FILE date = "2022-04-28" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_nobelium_apr22.yar#L19-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_nobelium_apr22.yar#L19-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c561b19464597f896d31307c0383fbc639cf4211600513e1251a3f59405bfed6" score = 75 quality = 85 
@@ -323589,8 +324061,8 @@ rule SIGNATURE_BASE_Apt3_Bemstour_Strings : FILE date = "2019-06-25" modified = "2023-12-04" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt3_bemstour.yar#L1-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt3_bemstour.yar#L1-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a" logic_hash = "8aa7491b1dc3595f67ae1229d33f79261616b0f27485b7a27705db63a6111c07" score = 75 @@ -323657,8 +324129,8 @@ rule SIGNATURE_BASE_Apt3_Bemstour_Implant_Byte_Patch date = "2019-06-25" modified = "2023-12-04" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt3_bemstour.yar#L69-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt3_bemstour.yar#L69-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a" logic_hash = "08de2c885ccb24cb247efdcc06bbcbea144d652744b2d38aaa2aabfd341e4f91" score = 75 
@@ -323689,8 +324161,8 @@ rule SIGNATURE_BASE_Apt3_Bemstour_Implant_Command_Stack_Variable date = "2019-06-25" modified = "2023-12-04" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt3_bemstour.yar#L107-L275" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt3_bemstour.yar#L107-L275" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0b28433a2b7993da65e95a45c2adf7bc37edbd2a8db717b85666d6c88140698a" logic_hash = "36710db313a52db2a0c0af356e701d3a36e5597203e87fd7f8586d202738be33" score = 75 @@ -323782,8 +324254,8 @@ rule SIGNATURE_BASE_Bronzebutler_Daserf_Delphi_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bronze_butler.yar#L13-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bronze_butler.yar#L13-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6034a6746a5bd762d869ad2e791d80aca8a1251afa9386d6b657f23092c6fc42" score = 75 quality = 85 
@@ -323817,8 +324289,8 @@ rule SIGNATURE_BASE_Bronzebutler_Daserf_C_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bronze_butler.yar#L38-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bronze_butler.yar#L38-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0b0c05db41d6b6ac48b31d8c22aead301470f465c2840ddc98ed9577d0aaa50b" score = 75 quality = 85 @@ -323862,8 +324334,8 @@ rule SIGNATURE_BASE_Bronzebutler_Dget_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bronze_butler.yar#L80-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bronze_butler.yar#L80-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2d5537f581039fa4561950402a34cbd9abd54c167d659fbbe74f1cb83217e3fb" score = 75 quality = 85 
@@ -323886,8 +324358,8 @@ rule SIGNATURE_BASE_Bronzebutler_Uacbypass_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bronze_butler.yar#L95-L113" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bronze_butler.yar#L95-L113" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "64b70b9f5963be9009025c14a6e98be9642599af5226f77946b6255116fc22d8" score = 75 quality = 85 @@ -323915,8 +324387,8 @@ rule SIGNATURE_BASE_Bronzebutler_Xxmm_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bronze_butler.yar#L115-L140" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bronze_butler.yar#L115-L140" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eb9c12cbe2fe132a9588b744d10caee12716f622c31da8a1cee4c0f88d693e8e" score = 75 quality = 85 
@@ -323947,8 +324419,8 @@ rule SIGNATURE_BASE_Bronzebutler_Rarstar_1 : FILE date = "2017-10-14" modified = "2023-12-05" reference = "https://www.secureworks.com/research/bronze-butler-targets-japanese-businesses" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bronze_butler.yar#L142-L158" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bronze_butler.yar#L142-L158" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0e418e595020d91c575051c3b1639b09efad150c625b62eec3d1331f9792641b" score = 75 quality = 85 @@ -323974,8 +324446,8 @@ rule SIGNATURE_BASE_Daserf_Nov1_Bronzebutler : FILE date = "2017-11-08" modified = "2023-12-05" reference = "https://goo.gl/ffeCfd" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bronze_butler.yar#L170-L196" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bronze_butler.yar#L170-L196" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "75edc17c51f4ea82ff7722df2f5825721ff64445fb8c78b450f1333bd32b5829" score = 75 quality = 85 
@@ -324008,8 +324480,8 @@ rule SIGNATURE_BASE_HKTL_Bruteratel_Badger_Indicators_Oct22_4 : FILE date = "2022-10-12" modified = "2023-12-05" reference = "https://twitter.com/embee_research/status/1580030310778953728" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/hktl_bruteratel_c4_badger.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/hktl_bruteratel_c4_badger.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9af05225f462c8d4ec1fb14dc06bb789f76b0d818cb82c3dfcd5abc693727f33" score = 75 quality = 85 @@ -324033,8 +324505,8 @@ rule SIGNATURE_BASE_Mal_Lockbit4_Rc4_Win_Feb24 : FILE date = "2024-02-13" modified = "2025-03-20" reference = "https://0x0d4y.blog/lockbit4-0-evasion-tales/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lockbit4_rc4_win_feb24.yar#L1-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lockbit4_rc4_win_feb24.yar#L1-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "062311f136d83f64497fd81297360cd4" logic_hash = "85e8087f875c45ce39b7014fc0737dc86f1e18d4643fdbb0a80d18feff774680" score = 100 
@@ -324060,8 +324532,8 @@ rule SIGNATURE_BASE_Seaduke_Sample : FILE date = "2015-07-14" modified = "2023-12-05" reference = "http://goo.gl/MJ0c2M" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_seaduke_unit42.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_seaduke_unit42.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d2e570129a12a47231a1ecb8176fa88a1bf415c51dabd885c513d98b15f75d4e" logic_hash = "3bec2bedaafddd17ee65747f8be773287eda784bdfa8fc11e8378737139ef94e" score = 70 @@ -324089,12 +324561,12 @@ rule SIGNATURE_BASE_EXPL_Office_Templateinjection_Aug19 : FILE modified = "2025-03-20" old_rule_name = "EXPL_Office_TemplateInjection" reference = "https://attack.mitre.org/techniques/T1221/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/susp_office_template_injection.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/susp_office_template_injection.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f2bdf3716b39d29a9c6c3b7b3355e935594b8d8e9149a784a59dc2381fa1628a" logic_hash = "8f79a12a7d1e7284fe19d925910988dbbe7448e73df8d5d075310997d09a6348" score = 75 - quality = 60 + quality = 85 tags = "FILE" strings: 
@@ -324115,8 +324587,8 @@ rule SIGNATURE_BASE_Microcin_Sample_1 : FILE date = "2017-09-26" modified = "2023-12-05" reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_microcin.yar#L13-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_microcin.yar#L13-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e7eb967035257490db2537ba46fd1f1e378fc33f93e7f65412949e987194a9db" score = 75 quality = 85 @@ -324145,8 +324617,8 @@ rule SIGNATURE_BASE_Microcin_Sample_2 : FILE date = "2017-09-26" modified = "2023-12-05" reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_microcin.yar#L38-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_microcin.yar#L38-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "99feb3e1672f69c4cf41a100e9ba64421fd75c3554306a1bf1475da6f1e14ed1" score = 75 quality = 85 
@@ -324170,8 +324642,8 @@ rule SIGNATURE_BASE_Microcin_Sample_3 : FILE date = "2017-09-26" modified = "2023-12-05" reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_microcin.yar#L54-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_microcin.yar#L54-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bf1227460f1fc4a7bede853b0d4f15b520db870ac7ce2e6684dc195ea6322e82" score = 75 quality = 85 @@ -324195,8 +324667,8 @@ rule SIGNATURE_BASE_Microcin_Sample_4 : FILE date = "2017-09-26" modified = "2023-12-05" reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_microcin.yar#L70-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_microcin.yar#L70-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1293fbd1a6b440168bb1d7b250df0c8a1a7f99a7fb603a6abec7fe7ba20cf4f5" score = 75 quality = 85 
@@ -324225,8 +324697,8 @@ rule SIGNATURE_BASE_Microcin_Sample_5 : FILE date = "2017-09-26" modified = "2023-12-05" reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_microcin.yar#L92-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_microcin.yar#L92-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "18b9b80ad3c27f32c71197f33e5e99742662cf5cf4ed5f83d574d44ba63f8b5f" score = 75 quality = 85 @@ -324254,8 +324726,8 @@ rule SIGNATURE_BASE_Microcin_Sample_6 : FILE date = "2017-09-26" modified = "2023-12-05" reference = "https://securelist.com/files/2017/09/Microcin_Technical-PDF_eng_final.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_microcin.yar#L112-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_microcin.yar#L112-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "280fb17b5ed5ff1c8018e426969f75e18589eabeb2a20e0e623f206e72e8958d" score = 75 quality = 85 
@@ -324282,8 +324754,8 @@ rule SIGNATURE_BASE_MAL_Gandcrab_Apr18_1 : FILE date = "2018-04-23" modified = "2023-12-05" reference = "https://twitter.com/MarceloRivero/status/988455516094550017" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mal_grandcrab.yar#L3-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mal_grandcrab.yar#L3-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "70fc8deb91126a7404095aaa512e9b7542fe8605f83a037a10f8ccff76c27d4f" score = 75 quality = 85 @@ -324303,8 +324775,8 @@ rule SIGNATURE_BASE_SUSP_BAT2EXE_Bdargo_Converted_BAT : FILE date = "2018-07-28" modified = "2022-06-23" reference = "https://www.majorgeeks.com/files/details/advanced_bat_to_exe_converter.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_bat2exe.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_bat2exe.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "978aa25f1abd0cbd36e55da2b1ed4478a3a5b8b814988669c70e219cc2dd1afd" score = 45 quality = 85 
@@ -324334,8 +324806,8 @@ rule SIGNATURE_BASE_Suspicious_Autoit_By_Microsoft : FILE date = "2017-12-14" modified = "2025-08-13" reference = "Internal Research - VT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/generic_anomalies.yar#L381-L396" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/generic_anomalies.yar#L381-L396" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7dfbaf7d136bd9e151c533b49394a9a596450d9cc2643dc144cb693290004591" score = 60 quality = 85 @@ -324359,8 +324831,8 @@ rule SIGNATURE_BASE_SUSP_Size_Of_ASUS_Tuningtool : FILE date = "2018-10-17" modified = "2022-12-21" reference = "https://www.welivesecurity.com/2018/10/17/greyenergy-updated-arsenal-dangerous-threat-actors/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/generic_anomalies.yar#L398-L413" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/generic_anomalies.yar#L398-L413" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5aadb48f61947ff0362bde5f80830b835ca9e3cb7e1c632d153d0ea5f8bbad6c" score = 60 quality = 85 
@@ -324383,8 +324855,8 @@ rule SIGNATURE_BASE_SUSP_Piratedoffice_2007 : FILE date = "2018-12-04" modified = "2025-08-13" reference = "https://twitter.com/pwnallthethings/status/743230570440826886?lang=en" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/generic_anomalies.yar#L415-L428" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/generic_anomalies.yar#L415-L428" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ff94483944a4a4e4bc3cba26fc08fc2a5239f27b301b2ca7cca5edc092c2fc73" score = 40 quality = 85 @@ -324406,8 +324878,8 @@ rule SIGNATURE_BASE_SUSP_Scheduled_Task_Bigsize : FILE date = "2018-12-06" modified = "2025-08-13" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/generic_anomalies.yar#L430-L446" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/generic_anomalies.yar#L430-L446" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dcc06261b1ea39c587d8bcefbb8e85e6b9016da01bf66c2eefe5bd7bbdfc6968" score = 65 quality = 85 
@@ -324432,8 +324904,8 @@ rule SIGNATURE_BASE_SUSP_Putty_Unnormal_Size : FILE date = "2019-01-07" modified = "2022-06-30" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/generic_anomalies.yar#L448-L498" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/generic_anomalies.yar#L448-L498" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2f2c21cc25eaba8c1812db617203427a59e9a55f8620676e4bbe4cb3cd4071fd" score = 50 quality = 85 @@ -324461,8 +324933,8 @@ rule SIGNATURE_BASE_SUSP_RTF_Header_Anomaly : FILE date = "2019-01-20" modified = "2022-09-15" reference = "https://twitter.com/ItsReallyNick/status/975705759618158593" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/generic_anomalies.yar#L500-L512" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/generic_anomalies.yar#L500-L512" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c0be95894edc861cf322309f2c86a8ab986bb111dfdeea1990b4a074d5ab9ea3" score = 50 quality = 85 
@@ -324480,8 +324952,8 @@ rule SIGNATURE_BASE_Telebots_Intercepterng : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_telebots.yar#L10-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_telebots.yar#L10-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cbf0d44d871ec471e891fb909612f58263ec0b0c702f87875f6e027362409318" score = 75 quality = 85 @@ -324511,8 +324983,8 @@ rule SIGNATURE_BASE_Telebots_Killdisk_1 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_telebots.yar#L32-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_telebots.yar#L32-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e70d324c408bae1bb42b16f19cd0e6b87e8228c7480d571fef5266eee5695fd2" score = 75 quality = 85 
@@ -324541,8 +325013,8 @@ rule SIGNATURE_BASE_Telebots_Killdisk_2 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_telebots.yar#L53-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_telebots.yar#L53-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e4ae09a226c4eecae18e685423ef30b3776be518609f89a078c647fe8ee00f19" score = 75 quality = 85 @@ -324567,8 +325039,8 @@ rule SIGNATURE_BASE_Telebots_Credraptor_Password_Stealer : FILE date = "2016-12-14" modified = "2023-01-06" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_telebots.yar#L70-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_telebots.yar#L70-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ed884cb7643a61109f87e2887bed7ddb838c73bce28812b76c35bb807629e116" score = 75 quality = 85 
@@ -324595,8 +325067,8 @@ rule SIGNATURE_BASE_Telebots_VBS_Backdoor_1 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_telebots.yar#L90-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_telebots.yar#L90-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4ff4963058674cf71c123af74c0947da2edf3b5e2622261d14200f406dbe2992" score = 75 quality = 85 @@ -324622,8 +325094,8 @@ rule SIGNATURE_BASE_Telebots_VBS_Backdoor_2 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_telebots.yar#L108-L123" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_telebots.yar#L108-L123" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "299a2ca6eacc29b4a7697a8502a56cffda4f6bc6b3354d3cc133712c1755c476" score = 75 quality = 85 
@@ -324648,8 +325120,8 @@ rule SIGNATURE_BASE_Telebots_Win64_Spy_Keylogger_G : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/4if3HG" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_telebots.yar#L125-L144" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_telebots.yar#L125-L144" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1b4db8f290bd4f943a90669afd5bff6b766d0723fb3ee9c69d7097e737beadc8" score = 75 quality = 85 @@ -324678,11 +325150,11 @@ rule SIGNATURE_BASE_EXPL_Exchange_Proxyshell_Failed_Aug21_1 : SCRIPT date = "2021-08-08" modified = "2021-08-09" reference = "https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L1-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L1-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "690e74633ac8671727fe47f6398e536c1b7a4ac469d27d3f7507c75e175716bd" score = 50 - quality = 35 + quality = 85 tags = "SCRIPT" strings: 
@@ -324701,11 +325173,11 @@ rule SIGNATURE_BASE_EXPL_Exchange_Proxyshell_Successful_Aug21_1 : SCRIPT date = "2021-08-08" modified = "2025-03-21" reference = "https://blog.orange.tw/2021/08/proxylogon-a-new-attack-surface-on-ms-exchange-part-1.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L17-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L17-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "06ab609a8efe3b36b6356a9cf7b7b11b2fc2a556ec1df6995008a9df86b3fcee" score = 65 - quality = 58 + quality = 83 tags = "SCRIPT" strings: @@ -324726,8 +325198,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Aug21_2 : FILE date = "2021-08-13" modified = "2025-09-05" reference = "https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-servers-are-getting-hacked-via-proxyshell-exploits/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L35-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L35-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4ede197d482f0a9e553ba857b5049e7b7405e3df92460e19418fa0653c844982" score = 75 quality = 85 
@@ -324748,8 +325220,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Aug21_3 : FILE date = "2021-08-23" modified = "2025-09-05" reference = "https://twitter.com/gossithedog/status/1429175908905127938?s=12" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L50-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L50-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f071aaa8918b359f786f2ac7447eeaedb5a6fca9e0a0c0e8820e011244424503" score = 75 quality = 85 @@ -324770,8 +325242,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Sep21_1 : FILE date = "2021-09-17" modified = "2025-09-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L66-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L66-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "219468c10d2b9d61a8ae70dc8b6d2824ca8fbe4e53bbd925eeca270fef0fd640" logic_hash = "233ec15dff8da5f2beaa931eb06849aa37e548947c1068d688a1695d977605d8" score = 75 
@@ -324793,8 +325265,8 @@ rule SIGNATURE_BASE_APT_IIS_Config_Proxyshell_Artifacts : FILE date = "2021-08-25" modified = "2025-09-05" reference = "https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L82-L105" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L82-L105" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a4557694629448d258b8b2fefc278e059217560e7a0ec3279863a16fb9b3989c" score = 90 quality = 85 @@ -324824,8 +325296,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Exploitation_Aug21_1 : FILE date = "2021-08-25" modified = "2025-09-05" reference = "https://twitter.com/VirITeXplorer/status/1430206853733097473" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L107-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L107-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8a2417bb85c7f91d98143d2f4c26d30416b3a01ba8abc1445ccfae5609825b4d" score = 90 quality = 85 
@@ -324846,8 +325318,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Proxyshell_Aug15 : FILE date = "2021-09-04" modified = "2025-09-04" reference = "https://github.com/hvs-consulting/ioc_signatures/tree/main/Proxyshell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L121-L146" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L121-L146" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d08f4e196185fbecd193724449281d63250ff75346bc53f414f3fbfd9a3961c8" score = 75 quality = 85 @@ -324877,8 +325349,8 @@ rule SIGNATURE_BASE_WEBSHELL_Mailbox_Export_PST_Proxyshell_Aug26 : FILE date = "2021-09-04" modified = "2025-09-05" reference = "https://github.com/hvs-consulting/ioc_signatures/tree/main/Proxyshell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L148-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L148-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "07acbf74a4bf169fc128cd085759f33e89917e217703b3c6557ba5f954822fd4" score = 85 quality = 85 
@@ -324909,8 +325381,8 @@ rule SIGNATURE_BASE_SUSP_IIS_Config_Proxyshell_Artifacts : FILE date = "2021-08-25" modified = "2025-09-05" reference = "https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L180-L195" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L180-L195" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f2822a2b762c8e683c5e3a3f4a8232faa187b9a36182ea71e5286158b0e8115c" score = 70 quality = 85 @@ -324933,8 +325405,8 @@ rule SIGNATURE_BASE_SUSP_IIS_Config_Virtualdir : FILE date = "2021-08-25" modified = "2022-09-17" reference = "https://www.huntress.com/blog/rapid-response-microsoft-exchange-servers-still-vulnerable-to-proxyshell-exploit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L197-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L197-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0b9be085957f368bc1890c42e3f1e8b974eed8c77ecb4d2ba6add4d877a9b488" score = 60 quality = 85 
@@ -324959,8 +325431,8 @@ rule SIGNATURE_BASE_SUSP_ASPX_Possibledropperartifact_Aug21 : FILE date = "2021-08-23" modified = "2025-09-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L219-L249" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L219-L249" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7e2fc61897ed859d5165aca7360d8a27891f842a7a8e4894af3926427ac95ceb" score = 60 quality = 85 @@ -324982,8 +325454,8 @@ rule SIGNATURE_BASE_WEBSHELL_Proxyshell_Exploitation_Nov21_1 date = "2021-11-01" modified = "2025-09-05" reference = "https://www.deepinstinct.com/blog/do-not-exchange-it-has-a-shell-inside" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxyshell.yar#L251-L265" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxyshell.yar#L251-L265" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d9812d3f53c346c4e318609e0c7de66811b27ffa7528a6ddeb6ac8436da59ef5" score = 85 quality = 85 
@@ -325006,8 +325478,8 @@ rule SIGNATURE_BASE_HKTL_Nim_Nimpackt : EXE FILE HKTL date = "2022-01-26" modified = "2023-12-05" reference = "https://github.com/chvancooten/NimPackt-v1" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_nimpackt.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_nimpackt.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2bda7acb440d1c72efeaddcb18b736343d658d59feccf6c9339b313cd35f32eb" score = 80 quality = 79 @@ -325033,8 +325505,8 @@ rule SIGNATURE_BASE_MAL_WIN_Megazord_Apr25 : FILE date = "2025-04-11" modified = "2025-04-16" reference = "https://ish.com.br/wp-content/uploads/2025/04/A-Anatomia-do-Ransomware-Akira-e-sua-expansao-multiplataforma.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_win_megazord_apr25.yar#L1-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_win_megazord_apr25.yar#L1-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fd380db23531bb7bb610a7b32fc2a6d5" logic_hash = "1a73e67b9a43c4f1bbe9f3dbebeb428bbfa705f7c858909a7bbf0673951d677e" score = 80 
@@ -325068,8 +325540,8 @@ rule SIGNATURE_BASE_APT_ME_Bigbang_Gen_Jul18_1 : FILE date = "2018-07-09" modified = "2023-12-05" reference = "https://research.checkpoint.com/apt-attack-middle-east-big-bang/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bigbang.yar#L3-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bigbang.yar#L3-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "496994ee035aa09233c648cf4ec0d1e84ceb970917b4dc5208a1390ec6eb39c2" score = 75 quality = 85 @@ -325102,8 +325574,8 @@ rule SIGNATURE_BASE_APT_ME_Bigbang_Mal_Jul18_1 : FILE date = "2018-07-09" modified = "2023-12-05" reference = "https://research.checkpoint.com/apt-attack-middle-east-big-bang/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_bigbang.yar#L31-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_bigbang.yar#L31-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "da45482b465549fce0f088c5818dff4a734faa2e4fbcec43b750893d1c3fefad" score = 75 quality = 85 
@@ -325133,8 +325605,8 @@ rule SIGNATURE_BASE_Hatman_Compiled_Python : HATMAN date = "2017-12-19" modified = "2023-12-05" reference = "https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L86-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L86-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a18018e4c6ea5b7ab6e1dbdc050e565f66520676565db6d352f58a786097960f" score = 75 quality = 85 @@ -325152,8 +325624,8 @@ rule SIGNATURE_BASE_Hatman_Injector : HATMAN date = "2017-12-19" modified = "2023-01-09" reference = "https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L96-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L96-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "19edf44bec6e1cbccefa145c5ae1bf0820729a80ac3ef1c8e7100b465b487e3c" score = 75 quality = 85 
@@ -325171,8 +325643,8 @@ rule SIGNATURE_BASE_Hatman_Payload : HATMAN date = "2017-12-19" modified = "2023-12-05" reference = "https://ics-cert.us-cert.gov/MAR-17-352-01-HatMan%E2%80%94Safety-System-Targeted-Malware" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hatman.yar#L107-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hatman.yar#L107-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9a6e5d2c2f2be35e6dc8b418e33419977460006923ecd9f029cacf51d8c0477a" score = 75 quality = 85 @@ -325190,8 +325662,8 @@ rule SIGNATURE_BASE_MAL_Qbot_HTML_Smuggling_Indicators_Oct22_1 : FILE date = "2022-10-07" modified = "2023-12-05" reference = "https://twitter.com/ankit_anubhav/status/1578257383133876225?s=20&t=Bu3CCJCzImpTGOQX_KGsdA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_qbot_payloads.yar#L2-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_qbot_payloads.yar#L2-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a5bd9eb72205f1398ec0b8773751309699b3267e0272dacf2728f8495c0c0ec2" score = 75 quality = 83 
@@ -325242,8 +325714,8 @@ rule SIGNATURE_BASE_APT_SH_Codecov_Hack_Apr21_1 : FILE date = "2021-04-16" modified = "2023-12-05" reference = "https://about.codecov.io/security-update/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_codecov_hack.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_codecov_hack.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1aa7723982a1b675ba6694f1af0eb28e5926b974874580bd727cf33a3f8d893a" score = 75 quality = 85 @@ -325266,8 +325738,8 @@ rule SIGNATURE_BASE_WEBSHELL_Z_Webshell_2 : FILE modified = "2023-12-05" old_rule_name = "z_webshell" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta18_074A.yar#L9-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta18_074A.yar#L9-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2c9095c965a55efc46e16b86f9b7d6c6" logic_hash = "d41aa107e54af5d45531a46d24b24f9f14635dbcb50ed26f7c787883854f961f" score = 75 
@@ -325290,8 +325762,8 @@ rule SIGNATURE_BASE_TA18_074A_Screen : FILE date = "2018-03-16" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA18-074A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta18_074A.yar#L34-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta18_074A.yar#L34-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e96f70e3d9c7ff5812724111788365c47e2b478a35b39771c12a3d3636a6a020" score = 75 quality = 85 @@ -325318,8 +325790,8 @@ rule SIGNATURE_BASE_TA18_074A_Scripts : FILE date = "2018-03-16" modified = "2022-08-18" reference = "https://www.us-cert.gov/ncas/alerts/TA18-074A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta18_074A.yar#L53-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta18_074A.yar#L53-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "888ddd59b388033604474fc008f830159a9a104683fb052e7497b83118cbb8aa" score = 75 quality = 85 
@@ -325342,8 +325814,8 @@ rule SIGNATURE_BASE_EXPL_Shitrix_Exploit_Code_Jan20_1 : FILE CVE_2019_19781 date = "2020-01-13" modified = "2023-12-05" reference = "https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+Overview+of+Observed+Payloads/25704/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_shitrix.yar#L2-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_shitrix.yar#L2-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "00687b30235be5ef3c00432b5b96bbc325dee553e7c0cb565d6f389b1bce12de" score = 70 quality = 85 @@ -325378,8 +325850,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Keywords_May20_1 : CVE_2019_10149 FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_exim_expl.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_exim_expl.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9f9a81ff0c576f05ac063eaca7a5882dbdb09c9a0778610cca2864636a00efce" score = 75 quality = 85 
@@ -325401,8 +325873,8 @@ rule SIGNATURE_BASE_APT_Sandworm_SSH_Key_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_exim_expl.yar#L17-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_exim_expl.yar#L17-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "23a43849dfaa80bad2ca4f46b53181b3a4855ee89673ae9b658c854069b9aaa9" score = 75 quality = 85 @@ -325425,8 +325897,8 @@ rule SIGNATURE_BASE_APT_Sandworm_SSHD_Config_Modification_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_exim_expl.yar#L33-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_exim_expl.yar#L33-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5775588b3a9d44e9eb2c8ef0f50351d7e3b06f1005f669775fae7187900d5999" score = 75 quality = 85 
@@ -325450,8 +325922,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Initfile_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_exim_expl.yar#L51-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_exim_expl.yar#L51-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "989f37069820d9ecf67dc71e4761a7cde2c1adf8db40b5f8a47e9c610ddec2e6" score = 75 quality = 85 @@ -325475,8 +325947,8 @@ rule SIGNATURE_BASE_APT_Sandworm_User_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_exim_expl.yar#L68-L84" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_exim_expl.yar#L68-L84" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d052792a674dfa2d93a048b550ea085c3b9225662fdb09bf4a602093b0527e38" score = 75 quality = 85 
@@ -325501,8 +325973,8 @@ rule SIGNATURE_BASE_APT_WEBSHELL_PHP_Sandworm_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_exim_expl.yar#L86-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_exim_expl.yar#L86-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0d10f618c7b465c7691d6054e994a76f56c12eb0a36d2d98b5accd2c1e2c1da7" score = 75 quality = 85 @@ -325526,8 +325998,8 @@ rule SIGNATURE_BASE_APT_SH_Sandworm_Shell_Script_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_exim_expl.yar#L103-L129" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_exim_expl.yar#L103-L129" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b9116585e74ad6159cd31c0c8a84566f981a62ca5b5f82ace8b855a180461071" score = 75 quality = 60 
@@ -325560,8 +326032,8 @@ rule SIGNATURE_BASE_APT_RU_Sandworm_PY_May20_1 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://twitter.com/billyleonard/status/1266054881225236482" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_exim_expl.yar#L131-L148" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_exim_expl.yar#L131-L148" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2ccc4c7fc75c04cbcab34904de2e7ab055a15c1017ec0f8d01b06454f4395047" score = 75 quality = 85 @@ -325585,8 +326057,8 @@ rule SIGNATURE_BASE_APT_RU_Sandworm_PY_May20_2 : FILE date = "2020-05-28" modified = "2023-12-05" reference = "https://twitter.com/billyleonard/status/1266054881225236482" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_exim_expl.yar#L150-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_exim_expl.yar#L150-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5fb61a9cef64ecf97adc78bf67db667cfd9e5e6f3e03f1bba8f3cdbf6c257520" score = 75 quality = 85 
@@ -325611,8 +326083,8 @@ rule SIGNATURE_BASE_Quasar_RAT_Jan18_1 : FILE date = "2018-01-29" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_quasar_vermin.yar#L11-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_quasar_vermin.yar#L11-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4b2c8695a053a714e97f3e108f0f359d9e49151297a21e460b3201d8f4e72a89" score = 75 quality = 85 @@ -325643,8 +326115,8 @@ rule SIGNATURE_BASE_Vermin_Keylogger_Jan18_1 : FILE date = "2018-01-29" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/01/unit42-vermin-quasar-rat-custom-malware-used-ukraine/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_quasar_vermin.yar#L35-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_quasar_vermin.yar#L35-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a8afe017f32400e1e498d23746f5cb59c3c67f6abefe9b2e36bec81ca82ecfed" score = 75 quality = 85 
@@ -325686,8 +326158,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_1 : FILE date = "2023-11-25" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unc3886_virtualpita.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unc3886_virtualpita.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fe34b7c071d96dac498b72a4a07cb246" logic_hash = "7641f964cc4a7671a9a3438aad1c653ef3fda3887313846cbe838b275a098190" score = 60 @@ -325709,8 +326181,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_2 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unc3886_virtualpita.yar#L17-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unc3886_virtualpita.yar#L17-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fe34b7c071d96dac498b72a4a07cb246" logic_hash = "56a3e1b13f0955a780f882e62003f721e409a1fdf61120dd295941605dbf21a4" score = 75 
@@ -325732,8 +326204,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_3 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unc3886_virtualpita.yar#L30-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unc3886_virtualpita.yar#L30-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fe34b7c071d96dac498b72a4a07cb246" logic_hash = "6f44d516b3cbe54542ae0991aad49274fc4728570e9498b319fc98840ceb7d7d" score = 75 @@ -325755,8 +326227,8 @@ rule SIGNATURE_BASE_M_APT_VIRTUALPITA_4 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unc3886_virtualpita.yar#L43-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unc3886_virtualpita.yar#L43-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fe34b7c071d96dac498b72a4a07cb246" logic_hash = "aaf2ff682c619d2a254fe069d477654a161658db6315239f1b956141b6a72c01" score = 75 
@@ -325778,12 +326250,12 @@ rule SIGNATURE_BASE_M_Hunting_Python_Backdoor_Commandparser_1 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unc3886_virtualpita.yar#L57-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unc3886_virtualpita.yar#L57-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "61ab3f6401d60ec36cd3ac980a8deb75" logic_hash = "eefc255079e914ac81d53baf4ae159052bfda4c670e8300306c0899b3ad00a48" score = 50 - quality = 60 + quality = 85 tags = "FILE" strings: @@ -325806,8 +326278,8 @@ rule SIGNATURE_BASE_SUSP_PS1_JAB_Pattern_Jun22_1 : FILE date = "2022-06-10" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_ps_jab.yar#L2-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_ps_jab.yar#L2-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9ad61dca5c945ed87642668e3b834b12c813af244437903a5abb5c69459b9456" score = 70 quality = 85 
@@ -325831,8 +326303,8 @@ rule SIGNATURE_BASE_Honeybee_Dropper_Maldoc : FILE date = "2018-03-03" modified = "2023-12-05" reference = "https://goo.gl/JAHZVL" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_honeybee.yar#L13-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_honeybee.yar#L13-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8bc680a59a7bd269eea001c2c74e41ecd93a9b848210779fc7d9c24dfab7767a" score = 75 quality = 85 @@ -325864,8 +326336,8 @@ rule SIGNATURE_BASE_Ophoneybee_Malware_1 : FILE date = "2018-03-03" modified = "2023-12-05" reference = "https://goo.gl/JAHZVL" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_honeybee.yar#L37-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_honeybee.yar#L37-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5cd37bc515bc1dd61ee58cfdf34622e4f884cc771d1fa2c793986be94b751a70" score = 75 quality = 85 
@@ -325903,8 +326375,8 @@ rule SIGNATURE_BASE_Ophoneybee_Maocheng_Dropper : FILE date = "2018-03-03" modified = "2023-12-05" reference = "https://goo.gl/JAHZVL" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_honeybee.yar#L73-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_honeybee.yar#L73-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "85bcde1d821c052636a75dce4d8c3753188dd7da5fce2b3401d51c02d1c2fa6b" score = 75 quality = 85 @@ -325927,8 +326399,8 @@ rule SIGNATURE_BASE_APT_MAL_RANSOM_Vicesociety_Polyvice_Jan23_1 : FILE date = "2023-01-12" modified = "2023-01-13" reference = "https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ransom_vicesociety_dec22.yar#L2-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ransom_vicesociety_dec22.yar#L2-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3c7b76a693e5666515afee5c819b21e119ce5f1b0be675252673e6a24251ce8d" score = 75 quality = 60 
@@ -325959,8 +326431,8 @@ rule SIGNATURE_BASE_APT_MAL_RANSOM_Vicesociety_Chily_Jan23_1 : FILE date = "2023-01-12" modified = "2023-12-05" reference = "https://www.sentinelone.com/labs/custom-branded-ransomware-the-vice-society-group-and-the-threat-of-outsourced-development/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ransom_vicesociety_dec22.yar#L33-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ransom_vicesociety_dec22.yar#L33-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fc2967d86bf73033e68b8b9409a197ae8f7fcdf06e1e2a17e3d277d243caa541" score = 80 quality = 83 @@ -325992,8 +326464,8 @@ rule SIGNATURE_BASE_HKTL_EXPL_WIN_PS1_Badsuccessor_May25 : FILE date = "2025-05-22" modified = "2025-05-22" reference = "https://www.akamai.com/blog/security-research/abusing-dmsa-for-privilege-escalation-in-active-directory" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/hktl_badsuccessor_helper_may25.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/hktl_badsuccessor_helper_may25.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a023bced4aec2b2c601088367766f42a3fcf36053c7eb92985cc7468c7cd6cb0" score = 75 quality = 85 
@@ -326016,8 +326488,8 @@ rule SIGNATURE_BASE_VULN_Keepass_DB_Brute_Forcible : FILE date = "2023-07-20" modified = "2023-12-05" reference = "https://keepass.info/help/base/security.html#secdictprotect" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vuln_keepass_brute_forcible.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vuln_keepass_brute_forcible.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "14460f7d4976a3bbd6de2f7cfccfbfec35eb780ab762396a6490669ddde59ce8" score = 60 quality = 85 @@ -326039,8 +326511,8 @@ rule SIGNATURE_BASE_EXT_SUSP_OBFUSC_Macos_Roothelper_Obfuscated : FILE date = "2021-06-07" modified = "2023-12-05" reference = "https://twitter.com/imp0rtp3/status/1401912205621202944" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_hktl_roothelper.yar#L2-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_hktl_roothelper.yar#L2-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2121de0409f3f8e4c4e079944efb605776e0475cadc25607eb888cc6461ecaf3" score = 65 quality = 83 
@@ -326081,8 +326553,8 @@ rule SIGNATURE_BASE_Rtf_Cve2017_11882_Ole : MALICIOUS EXPLOIT CVE_2017_11882 date = "2025-06-03" modified = "2025-06-03" reference = "https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_11882.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_11882.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "51cf2a6c0c1a29abca9fd13cb22421da" logic_hash = "6856d3c78cc06899d2bc1f876dce6b718513ebad80f37d7b5914a14d1da5064c" score = 60 @@ -326106,8 +326578,8 @@ rule SIGNATURE_BASE_Rtf_Cve2017_11882 : MALICIOUS EXPLOIT CVE_2017_1182 date = "2025-06-03" modified = "2025-06-03" reference = "https://embedi.com/blog/skeleton-closet-ms-office-vulnerability-you-didnt-know-about" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_11882.yar#L20-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_11882.yar#L20-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "51cf2a6c0c1a29abca9fd13cb22421da" logic_hash = "37a65f086d393aae3dc88b3dd2520fff6e96b92fd6ae1be0a110f4eb826ae12d" score = 60 
@@ -326135,11 +326607,11 @@ rule SIGNATURE_BASE_Packager_Cve2017_11882 : CVE_2017_11882 FILE date = "2025-06-03" modified = "2025-06-03" reference = "https://github.com/rxwx/CVE-2017-11882/blob/master/packager_exec_CVE-2017-11882.py" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_11882.yar#L41-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_11882.yar#L41-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "94e0c70e8140bb7fa3d184447617b534a8b9a24cdad535e6818be9662f0b9144" score = 60 - quality = 54 + quality = 79 tags = "CVE-2017-11882, FILE" strings: @@ -326160,8 +326632,8 @@ rule SIGNATURE_BASE_CVE_2017_11882_RTF : CVE_2017_11882 FILE date = "2018-02-13" modified = "2025-06-03" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_11882.yar#L58-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_11882.yar#L58-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "729fa8215a24990371369158d4582cc0ba9387eb0e7221860bf7216046c447cb" score = 60 quality = 85 
@@ -326189,8 +326661,8 @@ rule SIGNATURE_BASE_EXP_Potential_CVE_2017_11882 : FILE date = "2025-06-03" modified = "2025-06-03" reference = "https://www.reversinglabs.com/newsroom/news/reversinglabs-yara-rule-detects-cobalt-strike-payload-exploiting-cve-2017-11882.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2017_11882.yar#L82-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2017_11882.yar#L82-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a6e91e5b9807c94d32bac8a21c2c009320d16830155aae129a7fc2c67d393141" score = 75 quality = 60 @@ -326225,8 +326697,8 @@ rule SIGNATURE_BASE_Keyboys_Malware_1 : FILE date = "2017-11-02" modified = "2023-12-05" reference = "http://www.pwc.co.uk/issues/cyber-security-data-privacy/research/the-keyboys-are-back-in-town.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_keyboys.yar#L13-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_keyboys.yar#L13-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "78fb48c4b3e09f0d55ca6049601ea62dd526167481725b48de6624bb27fb943b" score = 75 quality = 85 
@@ -326265,8 +326737,8 @@ rule SIGNATURE_BASE_Keyboy_Installclient : FILE date = "2018-03-26" modified = "2023-12-05" reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_keyboys.yar#L52-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_keyboys.yar#L52-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "701b87785562dc391191b1e59573c6027b27c4fffe1c9155a82114521c85bc59" score = 75 quality = 85 @@ -326296,8 +326768,8 @@ rule SIGNATURE_BASE_Keyboy_Wab32Res : FILE date = "2018-03-26" modified = "2023-12-05" reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_keyboys.yar#L75-L96" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_keyboys.yar#L75-L96" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5e23bfeed0587ac69527234dd3f8b4f8c5628128ab667af7b99c4d75ca99459b" score = 75 quality = 85 
@@ -326328,8 +326800,8 @@ rule SIGNATURE_BASE_Keyboy_Rasauto : FILE date = "2018-03-26" modified = "2023-12-05" reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_keyboys.yar#L98-L126" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_keyboys.yar#L98-L126" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "87529000522d5fad4346a0228c96d3adf122587d91b0cff083948787e53cc024" score = 75 quality = 85 @@ -326362,8 +326834,8 @@ rule SIGNATURE_BASE_Keyboy_876_0X4E20000 : FILE date = "2018-03-26" modified = "2023-12-05" reference = "https://blog.trendmicro.com/trendlabs-security-intelligence/tropic-trooper-new-strategy/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_keyboys.yar#L128-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_keyboys.yar#L128-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "092bb19cd7a4250560ea71a3e54780a8fd34a229caa294e4cd5b6d522850d519" score = 75 quality = 85 
@@ -326396,8 +326868,8 @@ rule SIGNATURE_BASE_APT_FIN7_Strings_Aug18_1 date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L13-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L13-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "89d2f8f28a7ab0e78c53d8c41b45efa60cfa9ff72306c49197f52342d9a3c546" score = 75 quality = 85 @@ -326424,8 +326896,8 @@ rule SIGNATURE_BASE_APT_FIN7_Sample_Aug18_2 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L32-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L32-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a46492383db5af8f60984b42c53a792632f836f1668fca2d564e0f1f1ed313f2" score = 75 quality = 85 
@@ -326452,8 +326924,8 @@ rule SIGNATURE_BASE_APT_FIN7_Maldoc_Aug18_1 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L51-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L51-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f3ecf77a5f909361f4a6af5ca0f25ec85721570587500a8ce2ef203158472e47" score = 75 quality = 85 @@ -326476,8 +326948,8 @@ rule SIGNATURE_BASE_APT_FIN7_Sample_Aug18_1 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L66-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L66-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5ff078f8cb93a841b68521cfbc120b18952c7ff5b56ab2f3b0eebf63a10aa572" score = 75 quality = 85 
@@ -326513,8 +326985,8 @@ rule SIGNATURE_BASE_APT_FIN7_EXE_Sample_Aug18_1 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L95-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L95-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7144d4c7651e3fb288ef608fdff07af6cb223c90c34fb780d65184760386d5c7" score = 75 quality = 85 @@ -326537,8 +327009,8 @@ rule SIGNATURE_BASE_APT_FIN7_EXE_Sample_Aug18_2 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L110-L124" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L110-L124" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8e62c9488f211635ae30633a0d894b00e0ba2a7e7d4cb628117a166d4f0f9697" score = 75 quality = 85 
@@ -326562,8 +327034,8 @@ rule SIGNATURE_BASE_APT_FIN7_EXE_Sample_Aug18_3 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L126-L140" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L126-L140" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3f757bc4a6d46be85732fe33dd0a323c5774cbc1f0da2b984c5db14c1362745a" score = 75 quality = 85 @@ -326587,8 +327059,8 @@ rule SIGNATURE_BASE_APT_FIN7_EXE_Sample_Aug18_4 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L142-L157" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L142-L157" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cd8a33c4e4f626d744e03f48e093f6a45223c74088b03185833ece8034614ca4" score = 75 quality = 85 
@@ -326613,8 +327085,8 @@ rule SIGNATURE_BASE_APT_FIN7_EXE_Sample_Aug18_5 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L159-L173" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L159-L173" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "893e144d86025db750b32ae69964578ec92862face706339a5bafb393e3c7091" score = 75 quality = 85 @@ -326639,8 +327111,8 @@ rule SIGNATURE_BASE_APT_FIN7_EXE_Sample_Aug18_6 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L175-L198" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L175-L198" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "33db8e61b6220d9e16191228573d3d375cce9528241dcf1ad74d641f0959f03b" score = 75 quality = 85 
@@ -326670,8 +327142,8 @@ rule SIGNATURE_BASE_APT_FIN7_EXE_Sample_Aug18_7 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L200-L214" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L200-L214" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "212bc13d22d7bc6b0ef10ae034ea09c7ea0d0e66afd212fb55c09cf43344c2ec" score = 75 quality = 85 @@ -326695,8 +327167,8 @@ rule SIGNATURE_BASE_APT_FIN7_EXE_Sample_Aug18_8 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L216-L229" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L216-L229" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f15a8dfd3efb094ab73caebe9bffb5735762960445ca421cd49eaa091ecea300" score = 75 quality = 85 
@@ -326719,8 +327191,8 @@ rule SIGNATURE_BASE_APT_FIN7_EXE_Sample_Aug18_10 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L231-L248" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L231-L248" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1d6dba0c858eacea5bd67682a588105a2ff09d10bb60d9888ace07609c9b33de" score = 75 quality = 85 @@ -326746,8 +327218,8 @@ rule SIGNATURE_BASE_APT_FIN7_Sample_EXE_Aug18_1 : FILE date = "2018-08-01" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2018/08/fin7-pursuing-an-enigmatic-and-evasive-global-criminal-operation.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L250-L275" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L250-L275" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "780e2cb9a704e0df0383737928c2cfc8aa5de5a8f3c9dc67de866d5ac73b8402" score = 75 quality = 85 
@@ -326779,8 +327251,8 @@ rule SIGNATURE_BASE_APT_FIN7_Msdoc_Sep21_1 : FILE date = "2021-09-07" modified = "2023-12-05" reference = "https://www.anomali.com/blog/cybercrime-group-fin7-using-windows-11-alpha-themed-docs-to-drop-javascript-backdoor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L277-L301" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L277-L301" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ffc91cdad91b8ab24840c6ef1a6c39aad081d986c21a88b3f2ea3ec1bcd3b52b" score = 85 quality = 85 @@ -326807,8 +327279,8 @@ rule SIGNATURE_BASE_SUSP_OBFUSC_JS_Sept21_2 : FILE date = "2021-09-07" modified = "2023-12-05" reference = "https://www.anomali.com/blog/cybercrime-group-fin7-using-windows-11-alpha-themed-docs-to-drop-javascript-backdoor" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fin7.yar#L303-L323" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fin7.yar#L303-L323" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "235ff8fe5c033fd90d77ecf9ce80b59be7bf6ae5a2863a1c9365d8b125a7ff3f" score = 65 quality = 85 
@@ -326834,8 +327306,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Byteencoder_Jan25 : FILE date = "2025-01-23" modified = "2025-03-20" reference = "https://www.securityweek.com/newly-discovered-turla-malware-targets-linux-systems/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/seaspy_backdoor_jan25.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/seaspy_backdoor_jan25.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3e0312ce8d0c1e5c192dbb93cac4770a1205c56dc9d02a0510c7e10a15251de5" hash = "301d58a6a1819466e77209dbf8ca635cbee3b45516e5ee228fea50ae4a27b7d5" hash = "957c0c135b50d1c209840ec7ead60912a5ccefd2873bf5722cb85354cea4eb37" @@ -326863,8 +327335,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Stackstring_Technique_Jan25 : FILE date = "2025-01-23" modified = "2025-03-20" reference = "https://www.securityweek.com/newly-discovered-turla-malware-targets-linux-systems/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/seaspy_backdoor_jan25.yar#L24-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/seaspy_backdoor_jan25.yar#L24-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0e65a80c6331a0e8d7df05ac217a8a7fe03b88f1d304f2ff0a26b92ed89153f3" hash = "3e0312ce8d0c1e5c192dbb93cac4770a1205c56dc9d02a0510c7e10a15251de5" hash = "301d58a6a1819466e77209dbf8ca635cbee3b45516e5ee228fea50ae4a27b7d5" 
@@ -326892,8 +327364,8 @@ rule SIGNATURE_BASE_MSIL_SUSP_OBFUSC_Xorstringsnet : FILE date = "2023-03-26" modified = "2023-12-05" reference = "https://github.com/dr4k0nia/yara-rules" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_net_xorstrings.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_net_xorstrings.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6d023a80bd8f5709721c3ace8a7230b847ca4bd2a1aff502a25333ffc8bf75ca" score = 75 quality = 85 @@ -326922,8 +327394,8 @@ rule SIGNATURE_BASE_Beepservice_Hacktool : FILE date = "2016-05-12" modified = "2023-12-05" reference = "https://goo.gl/p32Ozf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_beepservice.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_beepservice.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "176136e8a5ffec258caebf8d6b452b556093c5998414a7c9a4451ad78482f862" score = 85 quality = 85 
@@ -326952,8 +327424,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_SPAREPART_Sleepgenerator date = "2022-12-14" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ru_sparepart_dec22.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ru_sparepart_dec22.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f9cd5b145e372553dded92628db038d8" logic_hash = "41a9fdb2ba7aefcaf6ef2477b598e98b9045ef17ce9bfe46f3169d0b2e0dd289" score = 50 @@ -326981,8 +327453,8 @@ rule SIGNATURE_BASE_MAL_Backdoor_SPAREPART_Struct : FILE date = "2022-12-14" modified = "2023-12-05" reference = "https://www.mandiant.com/resources/blog/trojanized-windows-installers-ukrainian-government" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ru_sparepart_dec22.yar#L22-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ru_sparepart_dec22.yar#L22-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f9cd5b145e372553dded92628db038d8" logic_hash = "807c7404146c08995440987aef78ecde11224f7d6cad1a0d22269b2bf46a44e5" score = 50 
@@ -327006,8 +327478,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_1 : FILE date = "2017-07-07" modified = "2023-12-05" reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_molerats_jul17.yar#L11-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_molerats_jul17.yar#L11-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1b7f00dfb83f5da46663d94f238b55e375743edbdb01701a78922b87c72c518a" score = 75 quality = 85 @@ -327030,8 +327502,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_2 : FILE date = "2017-07-07" modified = "2023-12-05" reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_molerats_jul17.yar#L27-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_molerats_jul17.yar#L27-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "35a517039474dcc5d503a48ca17e544166ee2ed44417ea5e7711093d3956f80c" score = 75 quality = 85 
@@ -327056,8 +327528,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_3 : FILE date = "2017-07-07" modified = "2023-12-05" reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_molerats_jul17.yar#L44-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_molerats_jul17.yar#L44-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4829905ede523fd9ed2cdf610f8fce4c0a5d993885e1897d1782ca70e96fa9a2" score = 75 quality = 85 @@ -327082,8 +327554,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_4 : FILE date = "2017-07-07" modified = "2023-12-05" reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_molerats_jul17.yar#L61-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_molerats_jul17.yar#L61-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dec058ae52a860f4850d7b8024b96c5a9044fdcebadbc12b384f5a6dfae91634" score = 75 quality = 85 
@@ -327108,8 +327580,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_5 : FILE date = "2017-07-07" modified = "2023-12-05" reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_molerats_jul17.yar#L78-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_molerats_jul17.yar#L78-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "eb2bb54fc1749d8422cdc8e084e1fa66981611128f56e7d7d678f177d37b7cdd" score = 75 quality = 85 @@ -327135,8 +327607,8 @@ rule SIGNATURE_BASE_Molerats_Jul17_Sample_Dropper : FILE date = "2017-07-07" modified = "2023-12-05" reference = "https://mymalwareparty.blogspot.de/2017/07/operation-desert-eagle.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_molerats_jul17.yar#L97-L112" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_molerats_jul17.yar#L97-L112" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b356d8dbca8f4d11dda976e7eb03c993d05af35d13113b8c85fb07531a0203dc" score = 75 quality = 85 
@@ -327161,8 +327633,8 @@ rule SIGNATURE_BASE_Saudi_Phish_Trojan : FILE date = "2017-10-12" modified = "2023-12-05" reference = "https://goo.gl/Z3JUAA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_saudi_aramco_phish.yar#L10-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_saudi_aramco_phish.yar#L10-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f7199d2e408cc057d88234e4041c7d87652d1ed361eaaf75bb37da45900e9f38" score = 75 quality = 85 @@ -327189,8 +327661,8 @@ rule SIGNATURE_BASE_Winnti_Fonfig : FILE date = "2017-01-25" modified = "2023-12-05" reference = "https://goo.gl/VbvJtL" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_winnti_ms_report_201701.yar#L10-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_winnti_ms_report_201701.yar#L10-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "715892268431bf76cf9bf0bdbeaf4129befdc590b5b2dcae479d95dfe77561a4" score = 75 quality = 85 
@@ -327214,8 +327686,8 @@ rule SIGNATURE_BASE_Winnti_Nlaifsvc : FILE date = "2017-01-25" modified = "2023-12-05" reference = "https://goo.gl/VbvJtL" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_winnti_ms_report_201701.yar#L26-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_winnti_ms_report_201701.yar#L26-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7268c79baf37174e04b391ae42cdd6014f17478c5b89d0c7b8042eb839324f87" score = 75 quality = 85 @@ -327240,11 +327712,11 @@ rule SIGNATURE_BASE_Groups_Cpassword : FILE date = "2015-09-08" modified = "2023-12-05" reference = "http://www.grouppolicy.biz/2013/11/why-passwords-in-group-policy-preference-are-very-bad/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_gpp_cpassword.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_gpp_cpassword.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "de37dc77d9a2462f5d54ad5225405c6d95dad39e67a893f5442b26dc641a20f9" score = 50 - quality = 60 + quality = 85 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" 
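Review bot: in the SIGNATURE_BASE_Groups_Cpassword hunk, `quality` goes from 60 to 85 alongside the mechanical URL re-pin, yet `modified` still reads 2023-12-05 and `logic_hash` is unchanged, so the rule body itself did not change. This is a non-mechanical edit hidden inside a bulk hash bump; the commit message should say where the new value comes from (upstream re-scoring, a local override, or a regeneration of the metadata) so the change can be traced later. Separately, the trailing context line still carries `license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE"` while `license_url` two lines above is now pinned to e1e4eeda...; either pin both or note that `license` is intentionally left floating on master.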
@@ -327266,8 +327738,8 @@ rule SIGNATURE_BASE_Waterbear_1_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L11-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L11-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f1d5bd0c9f85dd90217bdbd7e44100bcfbf77839f83416ad17121713c189b9fd" score = 75 quality = 85 @@ -327291,8 +327763,8 @@ rule SIGNATURE_BASE_Waterbear_2_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L27-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L27-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ec0b8d7313f925adafb7f03c8b7fd12c0176b75c74c642eeee900e911e0662a7" score = 75 quality = 85 
@@ -327318,8 +327790,8 @@ rule SIGNATURE_BASE_Waterbear_4_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L45-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L45-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "46c43dbdcbc183995a8cd00c9888afcdd3adb9f3caf38ed42a0af1e7df39715f" score = 75 quality = 85 @@ -327351,8 +327823,8 @@ rule SIGNATURE_BASE_Waterbear_5_Jun17 : FILE date = "2017-06-23" modified = "2023-01-07" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L70-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L70-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a1572db08242fffadedbfb89f3652b2eb93c910f3b61f9db0622bc18d069827c" score = 75 quality = 85 
@@ -327380,8 +327852,8 @@ rule SIGNATURE_BASE_Waterbear_6_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L92-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L92-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "af5c2a29e0a62c54e706492ae85b9786a6d9e5f42fe4d9c43693576e1a63b825" score = 75 quality = 85 @@ -327405,8 +327877,8 @@ rule SIGNATURE_BASE_Waterbear_7_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L108-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L108-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6a760abca78e799b194864ad56457ccb0b05123307da6bfcad0c66da47f485a1" score = 75 quality = 85 
@@ -327433,8 +327905,8 @@ rule SIGNATURE_BASE_Waterbear_8_Jun17 : FILE date = "2017-06-23" modified = "2023-01-07" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L127-L145" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L127-L145" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3b1dfe486ea141342f253963ce6cc1e73d063ce880cf2fcee1aaa6aa6e919349" score = 75 quality = 85 @@ -327461,8 +327933,8 @@ rule SIGNATURE_BASE_Waterbear_9_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L147-L166" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L147-L166" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b54f3032b31c5a48e879e49bd97adf3222db46a7789afc4ea2f5eca32536a2e4" score = 75 quality = 85 
@@ -327489,8 +327961,8 @@ rule SIGNATURE_BASE_Waterbear_10_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L168-L182" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L168-L182" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1e71a317f782b73c876f0cb5fee25b69d8f1c45c20c58e4f204b7aeb7484cf14" score = 75 quality = 85 @@ -327514,8 +327986,8 @@ rule SIGNATURE_BASE_Waterbear_11_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L185-L201" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L185-L201" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ea61c348847614ad2872bfd385f433c5a30c7f6b5f5a2f135a7d83c553157ccd" score = 75 quality = 85 
@@ -327541,8 +328013,8 @@ rule SIGNATURE_BASE_Waterbear_12_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L203-L217" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L203-L217" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "343e6f36190372cd5599a84834edc3935d27a1e01aeab53c5765598b5b4071fe" score = 75 quality = 85 @@ -327566,8 +328038,8 @@ rule SIGNATURE_BASE_Waterbear_13_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L219-L243" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L219-L243" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b34c3d643309b8bbaa122a753e7f58dd9340cfa33962dbab1454c8080afd1664" score = 75 quality = 85 
@@ -327601,8 +328073,8 @@ rule SIGNATURE_BASE_Waterbear_14_Jun17 : FILE date = "2017-06-23" modified = "2023-12-05" reference = "https://goo.gl/L9g9eR" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_waterbear.yar#L245-L261" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_waterbear.yar#L245-L261" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9ebe46590556e8eba2eef1c007549f6141c917bab97d46a0d58eca56257e24e2" score = 75 quality = 85 @@ -327629,11 +328101,11 @@ rule SIGNATURE_BASE_APT_Lazarus_Dropper_Jun18_1 : FILE date = "2018-06-01" modified = "2023-12-05" reference = "https://twitter.com/DrunkBinary/status/1002587521073721346" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_jun18.yar#L13-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_jun18.yar#L13-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "868297209177471f29c9653747d3205f55a14b74a5da64562b20ebeadb14b1cf" score = 60 - quality = 40 + quality = 65 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" hash1 = "086a50476f5ceee4b10871c1a8b0a794e96a337966382248a8289598b732bd47" 
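Review bot: the SIGNATURE_BASE_APT_Lazarus_Dropper_Jun18_1 hunk raises `quality` from 40 to 65 with the same unchanged `modified` date and `logic_hash` as the Groups_Cpassword case above. Together these two are the only score changes in an otherwise pure commit-hash update, and a 25-point quality change on a rule with `score = 60` is the kind of edit that can alter how it is ranked or filtered downstream. Suggest splitting the two quality bumps into their own commit, or at minimum listing both rule names and the reason in the commit message, so a reviewer does not have to diff hundreds of identical hunks to find them.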
@@ -327656,8 +328128,8 @@ rule SIGNATURE_BASE_APT_Lazarus_RAT_Jun18_1 : FILE date = "2018-06-01" modified = "2023-12-05" reference = "https://twitter.com/DrunkBinary/status/1002587521073721346" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_jun18.yar#L34-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_jun18.yar#L34-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7260f766ffd1122319ca69a6c87b0baa98d5727929f2e063a5b2edb05a44d827" score = 75 quality = 85 @@ -327693,8 +328165,8 @@ rule SIGNATURE_BASE_APT_Lazarus_RAT_Jun18_2 : FILE date = "2018-06-01" modified = "2023-12-05" reference = "https://twitter.com/DrunkBinary/status/1002587521073721346" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_jun18.yar#L68-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_jun18.yar#L68-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b22b8386791e86f787efc40a394bbabdb4a009fc2d1a7b87aaf5039fc977a5bd" score = 75 quality = 85 
@@ -327719,8 +328191,8 @@ rule SIGNATURE_BASE_Winagent_Badpatch_1 : FILE date = "2017-10-20" modified = "2023-12-05" reference = "https://goo.gl/RvDwwA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_bad_patch.yar#L11-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_bad_patch.yar#L11-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "568086edb8884877f9dcb0cffa1e4c05164e6884bf80ce50692cedfa3e8d5750" score = 75 quality = 85 @@ -327757,8 +328229,8 @@ rule SIGNATURE_BASE_Winagent_Badpatch_2 : FILE date = "2017-10-20" modified = "2023-12-05" reference = "https://goo.gl/RvDwwA" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_bad_patch.yar#L41-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_bad_patch.yar#L41-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "649cfca8fa9d3b9f12b56fd81d4133a00eb5449e67fca2abe85fbfb778912df8" score = 75 quality = 85 
@@ -327801,8 +328273,8 @@ rule SIGNATURE_BASE_APT_MAL_DTRACK_Oct19_1 : FILE date = "2019-10-28" modified = "2023-12-05" reference = "https://twitter.com/a_tweeter_user/status/1188811977851887616?s=21" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dtrack.yar#L2-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dtrack.yar#L2-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b99bc8ec4df7185da306365dc2a24a0849ff0d5d92269daaa1efbb20f5e5bf83" score = 75 quality = 85 @@ -327850,8 +328322,8 @@ rule SIGNATURE_BASE_Hunting_Rule_Shikataganai date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2019/10/shikata-ga-nai-encoder-still-going-strong.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_shikataganai.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_shikataganai.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "733522cb1d61f4bbb300d73ff21d9d7d10a78aae06e03408fce4b88e4c51f662" score = 50 quality = 85 
@@ -327884,8 +328356,8 @@ rule SIGNATURE_BASE_MAL_Icedid_GZIP_LDR_202104 : FILE date = "2021-04-12" modified = "2023-01-27" reference = "https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_icedid.yar#L14-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_icedid.yar#L14-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7a7cc6c7dcbf43bace6a1f259af38560327c34386517e719ad81068b2d9b6659" score = 75 quality = 85 @@ -327916,8 +328388,8 @@ rule SIGNATURE_BASE_Exp_EPS_CVE20152545 : CVE_2015_2545 FILE date = "2017-07-19" modified = "2023-12-05" reference = "Internal Research - ME" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2015_2545.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2015_2545.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e1aac80a06dd71352d2776b4dfccce901d47363459853a37669af69be6e962c7" score = 70 quality = 85 
@@ -327940,8 +328412,8 @@ rule SIGNATURE_BASE_SVG_Loadurl : FILE date = "2015-05-24" modified = "2023-12-05" reference = "http://goo.gl/psjCCc" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_cryptowall_svg.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_cryptowall_svg.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d9e40694e2d0099495289a2074e266bace9b0d9d776391020a1527eaabd2a395" score = 50 quality = 85 @@ -327969,8 +328441,8 @@ rule SIGNATURE_BASE_CN_Tools_Xbat : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktool_scripts.yar#L10-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktool_scripts.yar#L10-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a7005acda381a09803b860f04d4cae3fdb65d594" logic_hash = "c6dae76bbda7b43eef348c61e1330405923baf724f1aa5d2b51132dde89248fe" score = 75 
@@ -327994,8 +328466,8 @@ rule SIGNATURE_BASE_CN_Tools_Temp : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktool_scripts.yar#L26-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktool_scripts.yar#L26-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c3327ef63b0ed64c4906e9940ef877c76ebaff58" logic_hash = "05fd1cb3f7c8b96ccf824013c130a0b21f43724463f8658e23239d009be7f4fe" score = 75 @@ -328021,8 +328493,8 @@ rule SIGNATURE_BASE_CN_Tools_Srss : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktool_scripts.yar#L44-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktool_scripts.yar#L44-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "092ab0797947692a247fe80b100fb4df0f9c37a0" logic_hash = "e01fd60adc32be26b0940ecc127a17bfcfe2ebfcf6cefea76ba6adc61d3c18d4" score = 75 
@@ -328046,8 +328518,8 @@ rule SIGNATURE_BASE_Dll_Unreg : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktool_scripts.yar#L60-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktool_scripts.yar#L60-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d5e24ba86781c332d0c99dea62f42b14e893d17e" logic_hash = "0e534e475a5b4338aa53bea09325dd63a3d451a13b46a70b5208cabd2deecabe" score = 75 @@ -328071,8 +328543,8 @@ rule SIGNATURE_BASE_Dll_Reg : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktool_scripts.yar#L76-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktool_scripts.yar#L76-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cb8a92fe256a3e5b869f9564ecd1aa9c5c886e3f" logic_hash = "db2032d5689f9fcfc446d5ebe8a6d28c6dbd8bcd1d93769ec969d76f8add4f9d" score = 75 
@@ -328096,8 +328568,8 @@ rule SIGNATURE_BASE_Sbin_Squid : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktool_scripts.yar#L92-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktool_scripts.yar#L92-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8b795a8085c3e6f3d764ebcfe6d59e26fdb91969" logic_hash = "c440bcfda55f926354ea5e462fe1e6a0e9e9585bb1c1539c0aa0588405a46105" score = 75 @@ -328123,8 +328595,8 @@ rule SIGNATURE_BASE_Sql1433_Creck : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktool_scripts.yar#L110-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktool_scripts.yar#L110-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "189c11a3b268789a3fbcfac3bd4e03cbfde87b1d" logic_hash = "2d9ff5f130d625450e7de41832695839f0427a6186569280a224f20e89fe1d8a" score = 75 
@@ -328149,8 +328621,8 @@ rule SIGNATURE_BASE_Sql1433_Start : FILE date = "2015-06-13" modified = "2023-12-05" reference = "http://tools.zjqhr.com/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cn_hacktool_scripts.yar#L127-L145" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cn_hacktool_scripts.yar#L127-L145" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bd4be10f4c3a982647b2da1a8fb2e19de34eaf01" logic_hash = "b7dfc2b04e838fa3a71487287a50e183443eb62b69cd23494294f231b43baf2f" score = 75 @@ -328178,8 +328650,8 @@ rule SIGNATURE_BASE_Locky_Ransomware date = "2016-02-17" modified = "2023-12-05" reference = "https://goo.gl/qScSrE" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_locky.yar#L8-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_locky.yar#L8-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5e945c1d27c9ad77a2b63ae10af46aee7d29a6a43605a9bfbf35cebbcff184d8" logic_hash = "c7584ea39c4aceedeb0ea2952be6ff212461674175855274f1783eef80ffba86" score = 75 
@@ -328202,8 +328674,8 @@ rule SIGNATURE_BASE_MAL_Github_Repo_Compromise_Myjino_Ru_Aug22 date = "2022-08-03" modified = "2023-12-05" reference = "https://twitter.com/stephenlacy/status/1554697077430505473" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_github_repo_compromise_myjino_ru.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_github_repo_compromise_myjino_ru.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5cbe6ee46a68d89b1e772762e29baa907458235cd014f20a0d0932e95c046f19" score = 90 quality = 85 @@ -328225,8 +328697,8 @@ rule SIGNATURE_BASE_APT_MAL_Winntilinux_Dropper_Azazelfork_May19 : AZAZEL_FORK F date = "2019-05-15" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_winnti_linux.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_winnti_linux.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4741c2884d1ca3a40dadd3f3f61cb95a59b11f99a0f980dbadc663b85eb77a2a" logic_hash = "0af32675dccfd0ad0c7919683fddced6ad49c65800ffa523773b7342b431379f" score = 75 
@@ -328252,8 +328724,8 @@ rule SIGNATURE_BASE_APT_MAL_Winntilinux_Main_Azazelfork_May19 : FILE date = "2019-05-15" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_winnti_linux.yar#L18-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_winnti_linux.yar#L18-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ae9d6848f33644795a0cc3928a76ea194b99da3c10f802db22034d9f695a0c23" logic_hash = "3ff38795179f6c32f2ff014b06ac126ae3a0de3fe7515f0e49f12f9c8ff14b43" score = 75 @@ -328285,8 +328757,8 @@ rule SIGNATURE_BASE_Bytes_Used_In_AES_Key_Generation : FILE date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ncsc_report_04_2018.yar#L9-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ncsc_report_04_2018.yar#L9-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46" logic_hash = "221f5ea0a0224a96588912e7ddfbafd20b0b10c119395ca14d1138c284d7b79e" score = 75 
@@ -328308,8 +328780,8 @@ rule SIGNATURE_BASE_Partial_Implant_ID : FILE date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ncsc_report_04_2018.yar#L24-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ncsc_report_04_2018.yar#L24-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46" logic_hash = "d0a29bed3c19007cb08427769918b0a02d5d247211a1ceaff31aed5839c78966" score = 75 @@ -328331,8 +328803,8 @@ rule SIGNATURE_BASE_Sleep_Timer_Choice : FILE date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ncsc_report_04_2018.yar#L39-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ncsc_report_04_2018.yar#L39-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46" logic_hash = "5d2b656aabb113c50805d4af0faa62f579547dd4ec328ff2778fab64d778b8b9" score = 75 
@@ -328354,8 +328826,8 @@ rule SIGNATURE_BASE_User_Function_String date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ncsc_report_04_2018.yar#L54-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ncsc_report_04_2018.yar#L54-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b5278301da06450fe4442a25dda2d83d21485be63598642573f59c59e980ad46" logic_hash = "04821d1d5c12b5a9aca3c5b4be9f7a7d35320ad1503ccbdadebc7710c613a976" score = 75 @@ -328381,8 +328853,8 @@ rule SIGNATURE_BASE_Generic_Shellcode_Downloader_Specific : FILE date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ncsc_report_04_2018.yar#L73-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ncsc_report_04_2018.yar#L73-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b8bc0611a7fd321d2483a0a9a505251e15c22402e0cfdc62c0258af53ed3658a" logic_hash = "9315ad03b5a28030c32fea5547db3ae421a1ebdae0b96a8a4c2f92660c41bc40" score = 75 
@@ -328408,8 +328880,8 @@ rule SIGNATURE_BASE_Batch_Script_To_Run_Psexec date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ncsc_report_04_2018.yar#L91-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ncsc_report_04_2018.yar#L91-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b7d7c4bc8f9fd0e461425747122a431f93062358ed36ce281147998575ee1a18" logic_hash = "9bdaa14aa535c178914f83c12b23484162f085c6fc6041d379268546ee99f462" score = 75 @@ -328435,8 +328907,8 @@ rule SIGNATURE_BASE_Batch_Powershell_Invoke_Inveigh date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ncsc_report_04_2018.yar#L109-L124" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ncsc_report_04_2018.yar#L109-L124" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0a6b1b29496d4514f6485e78680ec4cd0296ef4d21862d8bf363900a4f8e3fd2" logic_hash = "5048a180df301707622e9ad0b949da9e39d2f55f16fc43e7344a8181596a836c" score = 75 
@@ -328461,8 +328933,8 @@ rule SIGNATURE_BASE_Lnk_Detect : FILE date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ncsc_report_04_2018.yar#L126-L149" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ncsc_report_04_2018.yar#L126-L149" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ae8796877d70f8ddd56bac8ed474231f26d9bc8e73625e65d5d927ab804996b3" score = 75 quality = 85 @@ -328493,8 +328965,8 @@ rule SIGNATURE_BASE_RDP_Brute_Strings date = "2018-04-06" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ncsc_report_04_2018.yar#L151-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ncsc_report_04_2018.yar#L151-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8234bf8a1b53efd2a452780a69666d1aedcec9eb1bb714769283ccc2c2bdcc65" logic_hash = "80c51d82a57271409d298b5175505c4234a6c3ec8a8763c93b669d1f0a8d59ba" score = 75 
@@ -328528,8 +329000,8 @@ rule SIGNATURE_BASE_WEBSHELL_Z_Webshell_1 modified = "2023-12-05" old_rule_name = "Z_WebShell" reference = "https://www.ncsc.gov.uk/alerts/hostile-state-actors-compromising-uk-organisations-focus-engineering-and-industrial-control" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ncsc_report_04_2018.yar#L176-L192" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ncsc_report_04_2018.yar#L176-L192" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ace12552f3a980f1eed4cadb02afe1bfb851cafc8e58fb130e1329719a07dbf0" logic_hash = "1dfc546a7493c1443527ebe74ed8cd2b06ee032b9a3f736b830e16288e616d43" score = 75 @@ -328554,8 +329026,8 @@ rule SIGNATURE_BASE_ONHAT_Proxy_Hacktool : FILE date = "2016-05-12" modified = "2023-12-05" reference = "https://goo.gl/p32Ozf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_onhat_proxy.yar#L8-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_onhat_proxy.yar#L8-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d8c088ecdedbd74ca174244c407c3bb27ccd082ec515c62ee19c93e0d45d3f3b" score = 100 quality = 85 
@@ -328587,8 +329059,8 @@ rule SIGNATURE_BASE_Crime_Win32_Parallax_Loader_1 : FILE date = "2020-02-24" modified = "2023-12-05" reference = "https://twitter.com/VK_Intel/status/1227976106227224578" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_parallax_rat.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_parallax_rat.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1331e7b69fd9b14b5d2dae45b452b385e48018290d91de33a4f4a5ebcce4805b" score = 75 quality = 85 @@ -328611,8 +329083,8 @@ rule SIGNATURE_BASE_Crime_Win32_Parallax_Payload_1 : FILE date = "2020-02-24" modified = "2023-12-05" reference = "https://twitter.com/VK_Intel/status/1227976106227224578" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_parallax_rat.yar#L20-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_parallax_rat.yar#L20-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3a1718d7caea5bd6741dd39fc16f955e1d3c73a282d51eda5b63c3352404529e" score = 75 quality = 85 
@@ -328636,8 +329108,8 @@ rule SIGNATURE_BASE_APT_MAL_BKA_Goldenspy_Aug20_1 : FILE date = "2020-08-21" modified = "2023-12-05" reference = "https://www.bka.de/SharedDocs/Kurzmeldungen/DE/Warnhinweise/200821_Cyberspionage.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_goldenspy.yar#L1-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_goldenspy.yar#L1-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ba81a2b081842aaf06bbf623640a87946894df83fd0d7b7149c48afa8ed0a081" score = 75 quality = 85 @@ -328666,8 +329138,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_1 : FILE date = "2018-02-07" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_middle_east_talosreport.yar#L13-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_middle_east_talosreport.yar#L13-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e5ea689de4be64a02aed31c85a4bd56561ba932587998bc276ddba248d73fa2d" score = 75 quality = 85 
@@ -328688,8 +329160,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_2 : FILE date = "2018-02-07" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_middle_east_talosreport.yar#L28-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_middle_east_talosreport.yar#L28-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "414e7760c56d2a1713258bb5c5f65e4fb561523ae037f8715d7fba5914ef9211" score = 75 quality = 85 @@ -328716,8 +329188,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_3 : FILE date = "2018-02-07" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_middle_east_talosreport.yar#L50-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_middle_east_talosreport.yar#L50-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7d45f9f624285ed13a16901335585490459f22ef8af157c38b720118735ed432" score = 75 quality = 85 
@@ -328744,8 +329216,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_4 : FILE date = "2018-02-07" modified = "2023-12-05" reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_middle_east_talosreport.yar#L68-L79" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_middle_east_talosreport.yar#L68-L79" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "83340b2d8f5f58f886eb318b80d7fbb0b9a4f5ad634db857edc405932f3ea5bc" score = 75 quality = 85 @@ -328765,8 +329237,8 @@ rule SIGNATURE_BASE_ME_Campaign_Malware_5 : FILE date = "2018-02-07" modified = "2022-08-18" reference = "http://blog.talosintelligence.com/2018/02/targeted-attacks-in-middle-east.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_middle_east_talosreport.yar#L81-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_middle_east_talosreport.yar#L81-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b958a09be09de03e702a0653cf51148698b35c29bed90edbc3a65e485f0c3aa6" score = 75 quality = 85 
@@ -328794,8 +329266,8 @@ rule SIGNATURE_BASE_APT_Equation_Group_Op_Triangulation_Triangledb_Implant_Jun23 date = "2023-06-21" modified = "2023-12-05" reference = "https://securelist.com/triangledb-triangulation-implant/110050/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_eqgrp_triangulation_jun23.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_eqgrp_triangulation_jun23.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "486b19ddb8b182dbba882359f7eb416735e76f9cda5aea1b290fb5c6b44960c5" score = 80 quality = 85 @@ -328819,8 +329291,8 @@ rule SIGNATURE_BASE_MAL_Winnti_BR_Report_Twinpeaks : FILE date = "2019-07-24" modified = "2023-12-05" reference = "https://github.com/br-data/2019-winnti-analyse" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_winnti_br.yar#L3-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_winnti_br.yar#L3-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "76457f5aa4cc4bf4f43ffbaa60d63006455977e881f1d74b845835c505a93fed" score = 75 quality = 85 
@@ -328843,8 +329315,8 @@ rule SIGNATURE_BASE_MAL_BR_Report_Thedao : FILE date = "2019-07-24" modified = "2023-12-05" reference = "https://github.com/br-data/2019-winnti-analyse" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_winnti_br.yar#L17-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_winnti_br.yar#L17-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "798b092b7667462aa66590603504cb0cd1166e4ac3472627cd8cd8fdf8f0b778" score = 75 quality = 60 @@ -328865,8 +329337,8 @@ rule SIGNATURE_BASE_MAL_Winnti_BR_Report_Mockingjay : FILE date = "2019-07-24" modified = "2023-12-05" reference = "https://github.com/br-data/2019-winnti-analyse" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_winnti_br.yar#L30-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_winnti_br.yar#L30-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7a63b6f10cc5feebba16e585cb29d741876e1dc7f4dde3ef43ac76db9c7ad135" score = 75 quality = 85 
@@ -328889,8 +329361,8 @@ rule SIGNATURE_BASE_COZY_FANCY_BEAR_Hunt : FILE date = "2016-06-14" modified = "2023-12-05" reference = "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fancybear_dnc.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fancybear_dnc.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9009f181eeecce0ae322ba24335426399cf4484dfc9b7ea6905fb163b4bf0a25" score = 75 quality = 85 @@ -328918,8 +329390,8 @@ rule SIGNATURE_BASE_COZY_FANCY_BEAR_Pagemgr_Hunt : FILE date = "2016-06-14" modified = "2023-12-05" reference = "https://www.crowdstrike.com/blog/bears-midst-intrusion-democratic-national-committee/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fancybear_dnc.yar#L30-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fancybear_dnc.yar#L30-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c6055b7cd04b994c80395276e83bec664b7dd32f8093411bfde0850cca39e9f7" score = 75 quality = 85 
@@ -328941,8 +329413,8 @@ rule SIGNATURE_BASE_LOG_APT_WEBSHELL_Solarwinds_SUNBURST_Report_Webshell_Dec20_2 date = "2020-12-21" modified = "2023-12-05" reference = "https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_solarwinds_susp_sunburst.yar#L21-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_solarwinds_susp_sunburst.yar#L21-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ec52e244a483ace0f6932b553b159b23b767c00d1f64a4711e5f359832e846f5" score = 75 quality = 60 @@ -328963,8 +329435,8 @@ rule SIGNATURE_BASE_GRIZZLY_STEPPE_Malware_1 : FILE date = "2016-12-29" modified = "2023-12-05" reference = "https://goo.gl/WVflzO" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d4a06fbf875ba2dbe64abcc21fab4eea1fe1b092498a09d9a310214562c1869e" score = 75 quality = 85 
@@ -328992,8 +329464,8 @@ rule SIGNATURE_BASE_GRIZZLY_STEPPE_Malware_2 : FILE date = "2016-12-29" modified = "2023-12-05" reference = "https://goo.gl/WVflzO" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L30-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L30-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "134a76129ef2169ac60f21541ef51a223720badfad02f0822acc7fd6d49cf7e7" score = 75 quality = 85 @@ -329022,8 +329494,8 @@ rule SIGNATURE_BASE_PAS_TOOL_PHP_WEB_KIT_Mod : FILE date = "2016-12-29" modified = "2023-12-05" reference = "https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L52-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L52-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fab894d9609c1fca4a85457e6799d082dfd3eb9ca0564abc04a1a0dd07a7b546" score = 75 quality = 85 
@@ -329050,8 +329522,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Web_Kit_V3 : FILE date = "2016-01-01" modified = "2023-12-05" reference = "https://github.com/wordfence/grizzly" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L76-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L76-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "21bf0afcd3f8de813ddfe41ef32e45806e9f9d7d3b08ae7ce65017c35e32a868" score = 75 quality = 85 @@ -329077,8 +329549,8 @@ rule SIGNATURE_BASE_Webshell_PHP_Web_Kit_V4 : FILE date = "2016-01-01" modified = "2023-12-05" reference = "https://github.com/wordfence/grizzly" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L97-L116" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L97-L116" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e2eaa0abd14f4dd08815c44797df707a08df1ea4e04ae69ba67d128a0fe4eff5" score = 75 quality = 85 
@@ -329103,8 +329575,8 @@ rule SIGNATURE_BASE_APT_APT29_Wellmess_Dotnet_Unique_Strings : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L120-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L120-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2285a264ffab59ab5a1eb4e2b9bcab9baf26750b6c551ee3094af56a4442ac41" logic_hash = "90e8480aa50e18202007bcffdc8348290ad0ac0588c924b4f75ea425a6cae32d" score = 75 @@ -329131,8 +329603,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Encryption_Key_Schedule : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L138-L153" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L138-L153" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "d4f7ec82e51f1063b4d61302e5ff9268dd3233bb44269fc32cb57fb9240f96e2" score = 75 
@@ -329158,8 +329630,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Encryption_Key_2B62 : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L155-L167" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L155-L167" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "39ad6de70883fbe0377379c3cab15962372793043ebbf4054efb7cee3aff9104" score = 75 @@ -329181,8 +329653,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Directory_Enumeration_Output_Strings : FI date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L169-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L169-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "8f029269f5a383737f38af04b05a16a71af5453bffe83e04ac53191eaa49d3e7" score = 75 
@@ -329206,8 +329678,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Command_Elem_Cookie_Ga_Boundary_String : date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L185-L199" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L185-L199" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "65b31a12d8abb88fbb99fcc6b2707bec90e4edc35d0cf21903213eda5cacec88" score = 75 @@ -329231,8 +329703,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Encryption_Round_Function : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L201-L214" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L201-L214" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "c4979b7ec31581b43b6975be5d4b1bfa5562e5fe25bbb51bb7c388550ed80ac6" score = 75 
@@ -329255,8 +329727,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Add_Random_Commas_Spaces : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L216-L229" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L216-L229" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "046e222aabc9e596d9536702521b4729d990e1f327ded004ca984b73a8511a83" score = 75 @@ -329279,8 +329751,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Modify_Alphabet_Custom_Encode : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L231-L243" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L231-L243" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "f0f5bcad52b0b15dc74a51973ef2752234bd12d677c846b2f96fe569d906ea3b" score = 75 
@@ -329303,8 +329775,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Custom_Encode_Decode : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L245-L274" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L245-L274" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "536147bda9603d68748010f9db260af732fe0865a601ae1104538933b19c519b" score = 75 @@ -329343,8 +329815,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Remove_Chars_Comma_Space_Dot : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L276-L289" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L276-L289" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "58d8e65976b53b77645c248bfa18c3b87a6ecfb02f306fe6ba4944db96a5ede2" logic_hash = "652607e0cfe6f5ad6ede169e28f63e8262fc37cbc7baa2525e52e79572d9a468" score = 75 
@@ -329368,8 +329840,8 @@ rule SIGNATURE_BASE_APT_APT29_Sorefang_Disk_Enumeration_Strings : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/advisory-apt29-targets-covid-19-vaccine-development" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt29_grizzly_steppe.yar#L291-L310" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt29_grizzly_steppe.yar#L291-L310" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a4b790ddffb3d2e6691dcacae08fb0bfa1ae56b6c73d70688b097ffa831af064" logic_hash = "4a225b767dc922625c333aea866638bc5e239137592e46c17563b9cc380b0eea" score = 75 @@ -329398,8 +329870,8 @@ rule SIGNATURE_BASE_APT_Malware_Commentcrew_Miniasp : FILE date = "2015-06-03" modified = "2023-12-05" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_miniasp.yar#L2-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_miniasp.yar#L2-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f382dd802f0332c99b1d33cf1dcd99ba7fad344a381152ebadfb69bc74c4e58f" score = 75 quality = 85 
@@ -329440,8 +329912,8 @@ rule SIGNATURE_BASE_Projectm_Darkcomet_1 : FILE date = "2016-03-26" modified = "2023-01-27" reference = "http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_project_m.yar#L10-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_project_m.yar#L10-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cc488690ce442e9f98bac651218f4075ca36c355d8cd83f7a9f5230970d24157" logic_hash = "81ffaa382bb6f817fe2917a096a3eee49d2e8c281271da551ccd65679692712f" score = 75 @@ -329469,8 +329941,8 @@ rule SIGNATURE_BASE_Projectm_Crimsondownloader : FILE date = "2016-03-26" modified = "2023-12-05" reference = "http://researchcenter.paloaltonetworks.com/2016/03/unit42-projectm-link-found-between-pakistani-actor-and-operation-transparent-tribe/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_project_m.yar#L32-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_project_m.yar#L32-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dc8bd60695070152c94cbeb5f61eca6e4309b8966f1aa9fdc2dd0ab754ad3e4c" logic_hash = "3c9a4f5aca4c9fc26d371027a32e349a456ef25d6b403a66b9afb1ee19dd4d00" score = 75 
@@ -329499,8 +329971,8 @@ rule SIGNATURE_BASE_Elise_Jan18_1 : FILE date = "2018-01-24" modified = "2023-12-05" reference = "https://twitter.com/blu3_team/status/955971742329135105" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lotusblossom_elise.yar#L13-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lotusblossom_elise.yar#L13-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d43486db0d4263f91924da89f1922ad965ed91eadd07ae0705eecd371f31fa44" score = 75 quality = 85 @@ -329525,8 +329997,8 @@ rule SIGNATURE_BASE_MAL_ME_Rawdisk_Agent_Jan20_1 : FILE date = "2020-01-02" modified = "2022-12-21" reference = "Saudi National Cybersecurity Authority - Destructive Attack DUSTMAN" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dustman.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dustman.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "90345b8358d72b6616c6277222fb1091cb3a88b844391ac3766e7d1ee1192fbe" score = 65 quality = 85 
@@ -329555,8 +330027,8 @@ rule SIGNATURE_BASE_MAL_ME_Rawdisk_Agent_Jan20_2 : FILE date = "2020-01-02" modified = "2022-12-21" reference = "https://twitter.com/jfslowik/status/1212501454549741568?s=09" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dustman.yar#L26-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dustman.yar#L26-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "73e4a88b749e3b2654e9021290932d2e556c29cfa772785b23bebad9f3a3f90a" score = 65 quality = 85 @@ -329586,8 +330058,8 @@ rule SIGNATURE_BASE_VULN_Confluence_Questions_Plugin_CVE_2022_26138_Jul22_1 : CV date = "2022-07-21" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/news/security/atlassian-fixes-critical-confluence-hardcoded-credentials-flaw/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vul_confluence_questions_plugin_cve_2022_26138.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vul_confluence_questions_plugin_cve_2022_26138.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c164bd3d9ed1e155d51112e14340b814f6ea782604540c84a6e9efb5c6041156" score = 50 quality = 85 
@@ -329615,8 +330087,8 @@ rule SIGNATURE_BASE_Invoke_Osiris : FILE date = "2017-03-27" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_ps_osiris.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_ps_osiris.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9a93308d6595de647a96716df0799ec690d91b2fb87e0b4a2f47e6b8b52eed97" score = 70 quality = 85 @@ -329640,8 +330112,8 @@ rule SIGNATURE_BASE_HKTL_Keyword_Injectdll : FILE date = "2019-04-04" modified = "2023-12-05" reference = "https://github.com/zerosum0x0/koadic" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_hacktool.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_hacktool.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "51c54026672e9ad36d2d68ae8dba61437f8808fbf2ad3c3c7bb086d8abb63987" score = 60 quality = 85 
@@ -329664,8 +330136,8 @@ rule SIGNATURE_BASE_HKTL_Python_Sectools date = "2023-01-27" modified = "2023-12-05" reference = "https://github.com/p0dalirius/sectools" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_hacktool.yar#L18-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_hacktool.yar#L18-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "814ba1aa62bbb7aba886edae0f4ac5370818de15ca22a52a6ab667b4e93abf84" hash = "b3328ac397d311e6eb79f0a5b9da155c4d1987e0d67487ea681ea59d93641d9e" hash = "8cd205d5380278cff6673520439057e78fb8bf3d2b1c3c9be8463e949e5be4a1" @@ -329691,8 +330163,8 @@ rule SIGNATURE_BASE_Fakem_Generic : FILE date = "2016-01-25" modified = "2023-01-06" reference = "http://researchcenter.paloaltonetworks.com/2016/01/scarlet-mimic-years-long-espionage-targets-minority-activists/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_fakem_backdoor.yar#L8-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_fakem_backdoor.yar#L8-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0ee606be48961d1e4c1fd9e0e10b53603cfd62cec652baef62f893c0a9e9684c" score = 85 quality = 85 
@@ -329736,8 +330208,8 @@ rule SIGNATURE_BASE_MAL_LNX_Linadoor_Rootkit_May22 : FILE date = "2022-05-19" modified = "2023-05-16" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lnx_linadoor_rootkit.yar#L2-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lnx_linadoor_rootkit.yar#L2-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "546c34d4c204c7266884bb3b5b6ada418e83029ab88f72e5ffb094f50d9ed28e" score = 85 quality = 85 @@ -329775,8 +330247,8 @@ rule SIGNATURE_BASE_Custom_Ssh_Backdoor_Server date = "2015-05-14" modified = "2022-08-18" reference = "https://goo.gl/S46L3o" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_backdoor_ssh_python.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_backdoor_ssh_python.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0953b6c2181249b94282ca5736471f85d80d41c9" logic_hash = "7bb142b69a75003e8f26d462c0895a3d807d5c326684e83d756178a3b91669dc" score = 75 
@@ -329800,8 +330272,8 @@ rule SIGNATURE_BASE_RUAG_Tavdig_Malformed_Executable : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://goo.gl/N5MEj0" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ruag.yar#L9-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ruag.yar#L9-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2a6eb90cc77f4556da0b5b0211bf0c4759dae0d78e9c6b765eff0e9a34f52e0f" score = 60 quality = 85 @@ -329819,8 +330291,8 @@ rule SIGNATURE_BASE_RUAG_Bot_Config_File : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://goo.gl/N5MEj0" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ruag.yar#L21-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ruag.yar#L21-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "256808511233da446ec69db4f5a5e23a237296c100e79e78bbe5e4964fa5dde6" score = 60 quality = 85 
@@ -329843,8 +330315,8 @@ rule SIGNATURE_BASE_RUAG_Cobra_Malware : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://goo.gl/N5MEj0" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ruag.yar#L36-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ruag.yar#L36-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5576e8e465eb289e8da44009cb2237080c5b5c3eb6d7a337634d91c5d68ecd80" score = 60 quality = 85 @@ -329865,8 +330337,8 @@ rule SIGNATURE_BASE_RUAG_Cobra_Config_File : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://goo.gl/N5MEj0" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ruag.yar#L49-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ruag.yar#L49-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "703a89562f3a2e5692883892f468288276459ad528cd371b1ac226e1d1c4be02" score = 60 quality = 85 
@@ -329897,8 +330369,8 @@ rule SIGNATURE_BASE_RUAG_Exfil_Config_File : FILE date = "2023-12-05" modified = "2023-12-05" reference = "https://goo.gl/N5MEj0" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ruag.yar#L73-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ruag.yar#L73-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "379e8762932ca565f3bd35ec241aef2d0445fbe6182a041e4d4e16a1170202ef" score = 60 quality = 85 @@ -329924,8 +330396,8 @@ rule SIGNATURE_BASE_Merlinagent date = "2017-12-26" modified = "2023-12-05" reference = "https://github.com/Ne0nd0g/merlin" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_merlin_agent.yar#L2-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_merlin_agent.yar#L2-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "21743230556cc11a78942de30be476ad8e73731bbda9a4feb83bd8140a703d01" score = 75 quality = 85 
@@ -329959,11 +330431,11 @@ rule SIGNATURE_BASE_EXPL_LOG_Cacti_Commandinjection_CVE_2022_46169_Dec22_1 : CVE date = "2022-12-27" modified = "2023-12-05" reference = "https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_cve_2022_46169_cacti.yar#L1-L13" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_cve_2022_46169_cacti.yar#L1-L13" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6ccd3b830deb5c5d65519274c4c528203a2a14a177382334da87e288174e2cfe" score = 70 - quality = 60 + quality = 85 tags = "CVE-2022-46169" strings: @@ -329982,8 +330454,8 @@ rule SIGNATURE_BASE_Agent_BTZ_Proxy_DLL_1 : FILE date = "2017-08-07" modified = "2023-12-05" reference = "http://www.intezer.com/new-variants-of-agent-btz-comrat-found/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_agent_btz.yar#L13-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_agent_btz.yar#L13-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ea430b2888b487a5c7a91b73e8a7893b53d67e8ac95ae85fe9d15c633b2ee660" score = 75 quality = 85 
@@ -330008,8 +330480,8 @@ rule SIGNATURE_BASE_Agent_BTZ_Proxy_DLL_2 : FILE date = "2017-08-07" modified = "2023-12-05" reference = "http://www.intezer.com/new-variants-of-agent-btz-comrat-found/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_agent_btz.yar#L29-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_agent_btz.yar#L29-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "41960e6deaee5d087b0eeee515b323cef8ead45ad305d053f6eb1897e204b003" score = 75 quality = 85 @@ -330043,8 +330515,8 @@ rule SIGNATURE_BASE_Agent_BTZ_Aug17 : FILE date = "2017-08-07" modified = "2023-12-05" reference = "http://www.intezer.com/new-variants-of-agent-btz-comrat-found/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_agent_btz.yar#L54-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_agent_btz.yar#L54-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cf4fc7820d516cf0322bf25460301b4d04f914814fc2a069164814dd4e1158be" score = 75 quality = 85 
@@ -330070,8 +330542,8 @@ rule SIGNATURE_BASE_APT_Turla_Agent_BTZ_Gen_1 : FILE date = "2018-06-16" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_agent_btz.yar#L75-L106" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_agent_btz.yar#L75-L106" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8616d95e683f213916f06a7bf672ced90b2fa55cb4331176021614b4f0b03aed" score = 80 quality = 85 @@ -330106,8 +330578,8 @@ rule SIGNATURE_BASE_VULN_PUA_GIGABYTE_Driver_Jul22_1 : FILE date = "2022-07-25" modified = "2023-12-05" reference = "https://twitter.com/malmoeb/status/1551449425842786306" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vuln_gigabyte_driver.yar#L2-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vuln_gigabyte_driver.yar#L2-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8aeae559b52b8e01ceab8caba24653b949b3bec694a14b36c819b0a7c9f8b7c6" score = 65 quality = 85 
@@ -330140,8 +330612,8 @@ rule SIGNATURE_BASE_Uboatrat : FILE date = "2017-11-29" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_uboat_rat.yar#L9-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_uboat_rat.yar#L9-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3d0837607d1a5efd9986eccf98f108633502a09dbf8c4c94fc0f0247060bc3a8" score = 75 quality = 83 @@ -330179,8 +330651,8 @@ rule SIGNATURE_BASE_Uboatrat_Dropper : FILE date = "2017-11-29" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2017/11/unit42-uboatrat-navigates-east-asia/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_uboat_rat.yar#L52-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_uboat_rat.yar#L52-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6f8dcc8559fa0ab1644ef6bab9bc875f3d62391c157b373e0355ad03d35e5601" score = 75 quality = 85 
@@ -330207,8 +330679,8 @@ rule SIGNATURE_BASE_Lazarus_Dec_17_1 : FILE date = "2017-12-20" modified = "2023-12-05" reference = "https://goo.gl/8U6fY2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_dec17.yar#L12-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_dec17.yar#L12-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "50ff8418cf342147a81ef3a418e5e61d42f0e5764982e43b51d4dd3a983a548e" score = 75 quality = 85 @@ -330235,8 +330707,8 @@ rule SIGNATURE_BASE_Lazarus_Dec_17_2 : FILE date = "2017-12-20" modified = "2023-12-05" reference = "https://goo.gl/8U6fY2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_dec17.yar#L31-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_dec17.yar#L31-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "273cd54a0c3ecf53893de0ef9c41d784725eea6cc843e04df01cd8f29d61a797" score = 75 quality = 85 
@@ -330263,8 +330735,8 @@ rule SIGNATURE_BASE_Lazarus_Dec_17_4 : FILE date = "2017-12-20" modified = "2023-12-05" reference = "https://goo.gl/8U6fY2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_dec17.yar#L53-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_dec17.yar#L53-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "70801347699d339cb47cad03ec3f694b09a976e32b70052a97fade09fcac679d" score = 75 quality = 85 @@ -330288,8 +330760,8 @@ rule SIGNATURE_BASE_Lazarus_Dec_17_5 : FILE date = "2017-12-20" modified = "2023-12-05" reference = "https://goo.gl/8U6fY2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_dec17.yar#L69-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_dec17.yar#L69-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "480ec19f7050d34713ed621ae9ec5d5463b1cc4710b473465cc78e533796d2e4" score = 75 quality = 85 
@@ -330319,8 +330791,8 @@ rule SIGNATURE_BASE_SUSP_Gobfuscate_May21 : FILE date = "2021-05-14" modified = "2024-04-02" reference = "https://github.com/unixpickle/gobfuscate" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_gobfuscate.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_gobfuscate.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f71078dd6354a482a2ead2f0d25f4172cd40e62440a70c2da7916b68f26909a3" score = 70 quality = 85 @@ -330342,8 +330814,8 @@ rule SIGNATURE_BASE_MAL_EXPL_Perfctl_Oct24 : FILE date = "2024-10-09" modified = "2024-12-12" reference = "https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_perfctl_oct24.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_perfctl_oct24.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "44d4683efc66b3c6c2d32be6b83a2bbc1db39c9a020365dddd27c20667bc6a66" score = 80 quality = 85 
@@ -330368,8 +330840,8 @@ rule SIGNATURE_BASE_MAL_LNX_Perfctl_Oct24 : FILE date = "2024-10-09" modified = "2024-12-12" reference = "https://www.aquasec.com/blog/perfctl-a-stealthy-malware-targeting-millions-of-linux-servers/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_perfctl_oct24.yar#L23-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_perfctl_oct24.yar#L23-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d47df34240f59124542acc41484e8935327490c04c4e15a558b2ffc6f9c52ea8" score = 75 quality = 85 @@ -330395,8 +330867,8 @@ rule SIGNATURE_BASE_Icefog_Malware_Feb18_1 : FILE date = "2018-02-26" modified = "2023-01-06" reference = "https://twitter.com/ClearskySec/status/968104465818669057" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_icefog.yar#L11-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_icefog.yar#L11-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8bba0f7f6f6aad6586c2c5ed29f30514d2f88703134f331724cc2ff86ccffe87" score = 75 quality = 85 
@@ -330426,8 +330898,8 @@ rule SIGNATURE_BASE_HKTL_Khepri_Beacon_Sep21_1 : FILE date = "2021-09-08" modified = "2023-12-05" reference = "https://github.com/geemion/Khepri/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_khepri.yar#L2-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_khepri.yar#L2-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c688dbda6006ef28305285f6aeec24a23cbfe9174d09cf4e3586bd0cf7290e60" score = 90 quality = 85 @@ -330463,8 +330935,8 @@ rule SIGNATURE_BASE_Powershell_Isesteroids_Obfuscation date = "2017-06-23" modified = "2025-02-12" reference = "https://twitter.com/danielhbohannon/status/877953970437844993" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_obfuscation.yar#L11-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_obfuscation.yar#L11-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6d9476f679614e34a0d13664baffd15b0bdb896f7eeca2c9de66bdc0d65a2eec" score = 75 quality = 85 
@@ -330489,8 +330961,8 @@ rule SIGNATURE_BASE_SUSP_Obfuscted_Powershell_Code date = "2018-12-13" modified = "2025-02-12" reference = "https://twitter.com/silv0123/status/1073072691584880640" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_obfuscation.yar#L28-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_obfuscation.yar#L28-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "afd7e4b88c812b23441549565a18fde18c24fe91ec467455002ef338e092ebf9" score = 65 quality = 85 @@ -330504,6 +330976,29 @@ rule SIGNATURE_BASE_SUSP_Obfuscted_Powershell_Code condition: #s1> 11 and #s2 > 10 and #s3 > 10 } +rule SIGNATURE_BASE_SUSP_Powershell_Caret_Obfuscation_2 +{ + meta: + description = "Detects powershell keyword obfuscated with carets" + author = "Florian Roth (Nextron Systems)" + id = "976e261a-029c-5703-835f-a235c5657471" + date = "2019-07-20" + modified = "2025-02-12" + reference = "Internal Research" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_obfuscation.yar#L43-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" + logic_hash = "0aa21df64d61cb299b0f77da8b97e8cfc379622a8092e71657c478519d83fd31" + score = 65 + quality = 31 + tags = "" + + strings: + $r1 = /p[\^]?o[\^]?w[\^]?e[\^]?r[\^]?s[\^]?h[\^]?e[\^]?l\^l/ ascii wide nocase fullword + $r2 = /p\^o[\^]?w[\^]?e[\^]?r[\^]?s[\^]?h[\^]?e[\^]?l[\^]?l/ ascii wide nocase fullword + + condition: + 1 of them +} rule SIGNATURE_BASE_SUSP_OBFUSC_Powershell_True_Jun20_1 : FILE { meta: 
@@ -330513,8 +331008,8 @@ rule SIGNATURE_BASE_SUSP_OBFUSC_Powershell_True_Jun20_1 : FILE date = "2020-06-27" modified = "2025-02-12" reference = "https://github.com/corneacristian/mimikatz-bypass/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_obfuscation.yar#L57-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_obfuscation.yar#L57-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8f33762e6e93fcf6b423b34eb1abefae2ae91b51048303947f7c1601823630d7" score = 75 quality = 85 @@ -330541,8 +331036,8 @@ rule SIGNATURE_BASE_SUSP_VEST_Encryption_Core_Accumulator_Jan21 : FILE date = "2021-01-28" modified = "2023-12-05" reference = "https://twitter.com/ochsenmeier/status/1354737155495649280" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_jan21.yar#L2-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_jan21.yar#L2-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "41fe42b2f2b5fb54b7ff19b74a35aadd928be9a3c7280ee9feffc4a142924b07" score = 70 quality = 85 
@@ -330574,8 +331069,8 @@ rule SIGNATURE_BASE_Brc4_Shellcode date = "2022-11-19" modified = "2023-12-05" reference = "https://github.com/paranoidninja/Brute-Ratel-C4-Community-Kit/blob/main/deprecated/brc4.yara" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/hktl_bruteratel_c4.yar#L263-L290" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/hktl_bruteratel_c4.yar#L263-L290" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a2816eb0316cebc96569847c17eae3bc50b988b07aa471176a09695fcefc21ec" score = 75 quality = 83 @@ -330610,8 +331105,8 @@ rule SIGNATURE_BASE_MAL_Fake_Document_Software_Indicators_Nov23 : FILE date = "2023-11-13" modified = "2024-04-24" reference = "https://nochlab.blogspot.com/2023/09/net-in-javascript-fake-pdf-converter.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_fake_document_software.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_fake_document_software.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5f0a088bf672559fbac90313768d41b79be7f1f56c6ddb36f0dcd265a07f98b2" score = 80 quality = 85 
@@ -330638,8 +331133,8 @@ rule SIGNATURE_BASE_Korplug_FAST : FILE date = "2015-08-20" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_korplug_fast.yar#L1-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_korplug_fast.yar#L1-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c437465db42268332543fbf6fd6a560ca010f19e0fd56562fb83fb704824b371" logic_hash = "31aeb634eecc0f93353432b0dde113bfb54810ea74b02f959447a1d42e7e9e1b" score = 75 @@ -330669,8 +331164,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_Lazarus_VHD_Ransomware_Oct20_1 : FILE date = "2020-10-05" modified = "2023-12-05" reference = "https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_vhd_ransomware.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_vhd_ransomware.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "95c56c5111bb227da8f8a3f8aa4f23e1348bc76ff76a05fc3cae89f9fad1bb52" score = 75 quality = 85 
@@ -330699,8 +331194,8 @@ rule SIGNATURE_BASE_APT_MAL_NK_Lazarus_VHD_Ransomware_Oct20_2 : FILE date = "2020-10-05" modified = "2023-12-05" reference = "https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_vhd_ransomware.yar#L26-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_vhd_ransomware.yar#L26-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cf28771a854b3bacc911375c09f6c6bc6ddebff95612a509890c56a5a14e8921" score = 75 quality = 85 @@ -330725,8 +331220,8 @@ rule SIGNATURE_BASE_EXPL_HKTL_Macos_Switcharoo_CVE_2022_46689_Dec22 : CVE_2022_4 date = "2022-12-19" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_macos_switcharoo_dec22.yar#L2-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_macos_switcharoo_dec22.yar#L2-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c2cbe12a01a38db522c49143c5168d3519ef974b4e6157cb251aa66707c69d78" score = 80 quality = 85 
@@ -330765,8 +331260,8 @@ rule SIGNATURE_BASE_EXPL_Macos_Switcharoo_Indicator_Dec22 : CVE_2022_46689 FILE date = "2022-12-19" modified = "2023-12-05" reference = "https://github.com/zhuowei/MacDirtyCowDemo" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_macos_switcharoo_dec22.yar#L42-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_macos_switcharoo_dec22.yar#L42-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9b9ea134fc4b3a7b15ae585ced2e12cbe1defc54bc6175282d6b7a2a0b65abd1" score = 65 quality = 85 @@ -330787,8 +331282,8 @@ rule SIGNATURE_BASE_APT6_Malware_Sample_Gen : FILE date = "2016-04-09" modified = "2023-01-06" reference = "https://otx.alienvault.com/pulse/56c4d1664637f26ad04e5b73/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt6_malware.yar#L8-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt6_malware.yar#L8-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "614a6673579630fc254d3c546161647e619df5a03ee6f21434d6cc50be1ed187" score = 80 quality = 83 
@@ -330834,8 +331329,8 @@ rule SIGNATURE_BASE_Cobaltstrike_C2_Host_Indicator : FILE date = "2019-08-16" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cobaltstrike_evasive.yar#L1-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cobaltstrike_evasive.yar#L1-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4761e282e9473ba665a597894ed514d057309703a7d5b4e462ef0e779bbb8c39" score = 60 quality = 65 @@ -330857,8 +331352,8 @@ rule SIGNATURE_BASE_Cobaltstrike_Sleep_Decoder_Indicator date = "2021-07-19" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cobaltstrike_evasive.yar#L16-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cobaltstrike_evasive.yar#L16-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f3243c326df18edbd15c2d9120379588e61709efb9295b9584c0565c04ee38a5" score = 75 quality = 85 
@@ -330879,8 +331374,8 @@ rule SIGNATURE_BASE_Cobaltstrike_C2_Encoded_XOR_Config_Indicator date = "2021-07-08" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cobaltstrike_evasive.yar#L28-L295" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cobaltstrike_evasive.yar#L28-L295" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6b25ee9064e925c183ef7599c95ecffce48c7f96eea714fa5f6441b21716277e" score = 75 quality = 60 @@ -331157,8 +331652,8 @@ rule SIGNATURE_BASE_Cobaltstrike_MZ_Launcher date = "2021-07-08" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cobaltstrike_evasive.yar#L297-L307" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cobaltstrike_evasive.yar#L297-L307" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aa188546db138dffdcdbf6538367b5d5bc37638a2784b24b7fcd913c15e56072" score = 75 quality = 85 
@@ -331179,8 +331674,8 @@ rule SIGNATURE_BASE_Cobaltstrike_Unmodifed_Beacon date = "2019-08-16" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cobaltstrike_evasive.yar#L309-L320" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cobaltstrike_evasive.yar#L309-L320" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "10114a431fb70be8e18e67b22aa76bf2c0536f07d373f717c1dc51755e0847c9" score = 75 quality = 85 @@ -331202,8 +331697,8 @@ rule SIGNATURE_BASE_APT_Liudoor : WIN32_DLL date = "2015-07-23" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_terracotta_liudoor.yar#L1-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_terracotta_liudoor.yar#L1-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6f60002d0173a8ebd2b407e79377d4816e699742aedb1e0649b08fd4ca6cf359" score = 75 quality = 85 
@@ -331239,8 +331734,8 @@ rule SIGNATURE_BASE_APT_Tick_Sysmon_Loader_Jun18 : FILE date = "2018-06-23" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_tick_weaponized_usb.yar#L13-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_tick_weaponized_usb.yar#L13-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e6256269409322a4f48bfdaafc52f5ec83602cf66f2e3b8d83ed5175e1dc506f" score = 75 quality = 85 @@ -331271,8 +331766,8 @@ rule SIGNATURE_BASE_APT_Tick_Homamdownloader_Jun18 : FILE date = "2018-06-23" modified = "2023-12-05" reference = "https://researchcenter.paloaltonetworks.com/2018/06/unit42-tick-group-weaponized-secure-usb-drives-target-air-gapped-critical-systems/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_tick_weaponized_usb.yar#L40-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_tick_weaponized_usb.yar#L40-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b4c798aa0c71f44f271e710d791c97adcbf9bd28ec87dd1d8d589029e58d1cfb" score = 75 quality = 85 
@@ -331300,8 +331795,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic : FILE date = "2021-01-14" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L83-L411" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L83-L411" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bee1b76b1455105d4bfe2f45191071cf05e83a309ae9defcf759248ca9bceddd" hash = "6bf351900a408120bee3fc6ea39905c6a35fe6efcf35d0a783ee92062e63a854" hash = "e3b4e5ec29628791f836e15500f6fdea19beaf3e8d9981c50714656c50d3b365" @@ -331331,7 +331826,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic : FILE hash = "dd5d8a9b4bb406e0b8f868165a1714fe54ffb18e621582210f96f6e5ae850b33" logic_hash = "03c1963ec7a0409970baa98dc3a62f721c092b41d4026475a38b1ef466426b75" score = 70 - quality = -134 + quality = -109 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -331525,8 +332020,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Callback : FILE date = "2021-01-14" modified = "2023-09-18" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L413-L718" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L413-L718" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e98889690101b59260e871c49263314526f2093f" hash = "63297f8c1d4e88415bc094bc5546124c9ed8d57aca3a09e36ae18f5f054ad172" hash = "81388c8cc99353cdb42572bb88df7d3bd70eefc748c2fa4224b6074aa8d7e6a2" @@ -331544,7 +332039,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Callback : FILE hash = "487e8c08e85774dfd1f5e744050c08eb7d01c6877f7d03d7963187748339e8c4" logic_hash = "e12dec5252a816c10443fe0e0b40b0b9b4a187b32facd8e09e1f057801da25f9" score = 60 - quality = -128 + quality = -103 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -331742,8 +332237,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Base64_Encoded_Payloads : FILE date = "2021-01-07" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L720-L870" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L720-L870" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "88d0d4696c9cb2d37d16e330e236cb37cfaec4cd" hash = "e3b4e5ec29628791f836e15500f6fdea19beaf3e8d9981c50714656c50d3b365" hash = "e726cd071915534761822805724c6c6bfe0fcac604a86f09437f03f301512dc5" @@ -331761,7 +332256,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Base64_Encoded_Payloads : FILE hash = "e2b1dfcfaa61e92526a3a444be6c65330a8db4e692543a421e19711760f6ffe2" logic_hash = "8f606dc3e1e688cca144fe769af50980b4c25fa69b08c67aca8c676a6a060010" score = 75 - quality = -8 + quality = 17 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -331859,8 +332354,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Unknown_1 : FILE date = "2021-01-07" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L872-L894" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L872-L894" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "12ce6c7167b33cc4e8bdec29fb1cfc44ac9487d1" hash = "cf4abbd568ce0c0dfce1f2e4af669ad2" logic_hash = "ce2d4c87c001a45febf7eac5474aa0d24ea73067f9154203ef5653bf77e7028f" @@ -331888,8 +332383,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Eval : FILE date = "2021-01-07" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L896-L955" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L896-L955" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a61437a427062756e2221bfb6d58cd62439d09d9" hash = "90c5cc724ec9cf838e4229e5e08955eec4d7bf95" hash = "2b41abc43c5b6c791d4031005bf7c5104a98e98a00ee24620ce3e8e09a78e78f" 
@@ -331911,7 +332406,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Eval : FILE hash = "dd5d8a9b4bb406e0b8f868165a1714fe54ffb18e621582210f96f6e5ae850b33" logic_hash = "4b7759e4761f5897bfb5e576df645a2e99cec4e703fb28d0fc275cf8f8848263" score = 75 - quality = 60 + quality = 85 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -331945,8 +332440,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Double_Eval_Tiny : FILE date = "2021-01-11" modified = "2023-07-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L957-L1008" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L957-L1008" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f66fb918751acc7b88a17272a044b5242797976c73a6e54ac6b04b02f61e9761" hash = "6b2f0a3bd80019dea536ddbf92df36ab897dd295840cb15bb7b159d0ee2106ff" hash = "aabfd179aaf716929c8b820eefa3c1f613f8dcac" @@ -331954,7 +332449,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Double_Eval_Tiny : FILE hash = "006620d2a701de73d995fc950691665c0692af11" logic_hash = "cf0405e8a44497574d75291bf86bf9413d9a64140e820f7f5a655fe5302c6918" score = 75 - quality = 17 + quality = 42 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -331986,15 +332481,15 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC : FILE date = "2021-01-12" modified = "2025-07-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1010-L1137" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1010-L1137" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "eec9ac58a1e763f5ea0f7fa249f1fe752047fa60" hash = "181a71c99a4ae13ebd5c94bfc41f9ec534acf61cd33ef5bce5fb2a6f48b65bf4" hash = "76d4e67e13c21662c4b30aab701ce9cdecc8698696979e504c288f20de92aee7" hash = "1d0643927f04cb1133f00aa6c5fa84aaf88e5cf14d7df8291615b402e8ab6dc2" logic_hash = "c23896664a1fa7ccc94d19fb12bb72c00e1db09fd0d09943c01da40bffe100eb" score = 75 - quality = -48 + quality = -23 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -332062,14 +332557,14 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Encoded : FILE date = "2021-04-18" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1139-L1190" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1139-L1190" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "119fc058c9c5285498a47aa271ac9a27f6ada1bf4d854ccd4b01db993d61fc52" hash = "d5ca3e4505ea122019ea263d6433221030b3f64460d3ce2c7d0d63ed91162175" hash = "8a1e2d72c82f6a846ec066d249bfa0aaf392c65149d39b7b15ba19f9adc3b339" logic_hash = "c2a88e48374f949fcc9c14b773f7709c96b3147d1982ae9721708474ee5a3dcd" score = 70 - quality = -89 + quality = -64 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -332101,8 +332596,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Encoded_Mixed_Dec_And_Hex : FILE date = "2021-04-18" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1192-L1248" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1192-L1248" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0e21931b16f30b1db90a27eafabccc91abd757fa63594ba8a6ad3f477de1ab1c" hash = "929975272f0f42bf76469ed89ebf37efcbd91c6f8dac1129c7ab061e2564dd06" hash = "88fce6c1b589d600b4295528d3fcac161b581f739095b99cd6c768b7e16e89ff" @@ -332117,7 +332612,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Encoded_Mixed_Dec_And_Hex : FILE hash = "0ff05e6695074f98b0dee6200697a997c509a652f746d2c1c92c0b0a0552ca47" logic_hash = "d9b4d224d43915cf08050c173627b314c3e41a30ecfffe28038281eadc114e51" score = 75 - quality = -8 + quality = 17 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -332146,8 +332641,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Tiny : FILE date = "2021-01-12" modified = "2024-03-11" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1250-L1345" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1250-L1345" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b7b7aabd518a2f8578d4b1bc9a3af60d155972f1" hash = "694ec6e1c4f34632a9bd7065f73be473" hash = "5c871183444dbb5c8766df6b126bd80c624a63a16cc39e20a0f7b002216b2ba5" @@ -332213,8 +332708,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Str_Replace : FILE date = "2021-01-12" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1347-L1402" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1347-L1402" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "691305753e26884d0f930cda0fe5231c6437de94" hash = "7efd463aeb5bf0120dc5f963b62463211bd9e678" hash = "fb655ddb90892e522ae1aaaf6cd8bde27a7f49ef" 
@@ -332223,7 +332718,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Str_Replace : FILE hash = "e1a2af3477d62a58f9e6431f5a4a123fb897ea80" logic_hash = "74fb86a7ee7342ede9f49ef004a92fb7bdf06ca62f8e8f0ea1c6adcff96bcb2d" score = 75 - quality = 21 + quality = 46 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -332257,14 +332752,14 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_Fopo : FILE date = "2021-01-12" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1404-L1464" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1404-L1464" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fbcff8ea5ce04fc91c05384e847f2c316e013207" hash = "6da57ad8be1c587bb5cc8a1413f07d10fb314b72" hash = "a698441f817a9a72908a0d93a34133469f33a7b34972af3e351bdccae0737d99" logic_hash = "076c0c256e5951cdcb2b7bc55030f55bec48c1bea953b8bd85559a3230e387ae" score = 75 - quality = 15 + quality = 40 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -332305,8 +332800,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Gzinflated : FILE date = "2021-01-12" modified = "2023-07-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1466-L1539" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1466-L1539" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "49e5bc75a1ec36beeff4fbaeb16b322b08cf192d" hash = "6f36d201cd32296bad9d5864c7357e8634f365cc" hash = "ab10a1e69f3dfe7c2ad12b2e6c0e66db819c2301" @@ -332314,7 +332809,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Gzinflated : FILE hash = "07eb6634f28549ebf26583e8b154c6a579b8a733" logic_hash = "d2edb7050c986a00889fd01b709ec0aa1409ce2e40a15b7942562d12596b190e" score = 75 - quality = 7 + quality = 32 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -332360,15 +332855,15 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_OBFUSC_3 : FILE date = "2021-04-17" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1541-L1847" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1541-L1847" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "11bb1fa3478ec16c00da2a1531906c05e9c982ea" hash = "d6b851cae249ea6744078393f622ace15f9880bc" hash = "14e02b61905cf373ba9234a13958310652a91ece" hash = "6f97f607a3db798128288e32de851c6f56e91c1d" logic_hash = "aba86f6d8458bb119b9e495e6e77c1b89855bde31b12395a4d656878c5152932" score = 70 - quality = -298 + quality = -198 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
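Review bot: the `quality` change in this hunk (-298 to -198, a +100 step) is out of line with every other quality change in the patch, which is a uniform +25 (-8 to 17, 60 to 85, -48 to -23, -361 to -336 and so on). If the larger increase for PHP_OBFUSC_3 is intentional, for example because a separate penalty was lifted for this rule, the commit message should say so; if the same +25 recalculation was meant to apply here, the expected value would be -273.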
@@ -332568,15 +333063,15 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Includer_Eval : FILE date = "2021-01-13" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1849-L1898" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1849-L1898" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3a07e9188028efa32872ba5b6e5363920a6b2489" hash = "ab771bb715710892b9513b1d075b4e2c0931afb6" hash = "202dbcdc2896873631e1a0448098c820c82bcc8385a9f7579a0dc9702d76f580" hash = "b51a6d208ec3a44a67cce16dcc1e93cdb06fe150acf16222815333ddf52d4db8" logic_hash = "a7e9632c495e5d4cc883e2593c8ebe41cdf6a18b54bd6dfd3aec85352f19321c" score = 75 - quality = 21 + quality = 46 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -332608,14 +333103,14 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Includer_Tiny : FILE date = "2021-04-17" modified = "2023-07-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1900-L1945" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1900-L1945" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0687585025f99596508783b891e26d6989eec2ba" hash = "9e856f5cb7cb901b5003e57c528a6298341d04dc" hash = "b3b0274cda28292813096a5a7a3f5f77378b8905205bda7bb7e1a679a7845004" logic_hash = "e1efb6384009def30d845650fd0dd77319c3c7b4402cca074ca5c2a06372ab58" score = 75 - quality = 17 + quality = 42 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -332644,15 +333139,15 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Dynamic : FILE date = "2021-01-13" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L1947-L2020" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L1947-L2020" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "65dca1e652d09514e9c9b2e0004629d03ab3c3ef" hash = "b8ab38dc75cec26ce3d3a91cb2951d7cdd004838" hash = "c4765e81550b476976604d01c20e3dbd415366df" hash = "2e11ba2d06ebe0aa818e38e24a8a83eebbaae8877c10b704af01bf2977701e73" logic_hash = "c49434662defad4945639887f4a6537c44a5559f83646f378f848b4aa4ba3c3f" score = 60 - quality = -181 + quality = -156 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -332699,10 +333194,10 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Dynamic_Big : FILE author = "Arnim Rupp (https://github.com/ruppde)" id = "a5caab93-7b94-59d7-bbca-f9863e81b9e5" date = "2021-02-07" - modified = "2024-02-23" + modified = "2025-08-18" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L2022-L2341" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L2022-L2343" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6559bfc4be43a55c6bb2bd867b4c9b929713d3f7f6de8111a3c330f87a9b302c" hash = "9e82c9c2fa64e26fd55aa18f74759454d89f968068d46b255bd4f41eb556112e" hash = "6def5296f95e191a9c7f64f7d8ac5c529d4a4347ae484775965442162345dc93" 
@@ -332712,15 +333207,16 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Dynamic_Big : FILE hash = "b49d0f942a38a33d2b655b1c32ac44f19ed844c2479bad6e540f69b807dd3022" hash = "575edeb905b434a3b35732654eedd3afae81e7d99ca35848c509177aa9bf9eef" hash = "ee34d62e136a04e2eaf84b8daa12c9f2233a366af83081a38c3c973ab5e2c40f" - logic_hash = "d424ade502fe926710ffee4593f3c13e53907de01c15ddcbc40359b462f40a15" + logic_hash = "1a29df7465b475e74d0f21f1705405e9663699a6e3c7b7107988ee3e202c3a25" score = 50 - quality = -361 + quality = -336 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 strings: - $dex = { 64 65 ( 78 | 79 ) 0a 30 } + $dex1 = "dex\n0" + $dex2 = "dey\n0" $pack = { 50 41 43 4b 00 00 00 02 00 } $new_php2 = " 2 and #weevely4 > 1 ) ) or ( filesize < 4000 and ( 1 of ( $gen_much_sus* ) or 2 of ( $gen_bit_sus* ) ) ) or ( filesize < 20KB and ( 2 of ( $gen_much_sus* ) or 4 of ( $gen_bit_sus* ) ) ) or ( filesize < 50KB and ( 3 of ( $gen_much_sus* ) or 5 of ( $gen_bit_sus* ) ) ) or ( filesize < 100KB and ( 3 of ( $gen_much_sus* ) or 6 of ( $gen_bit_sus* ) ) ) or ( filesize < 160KB and ( 3 of ( $gen_much_sus* ) or 7 of ( $gen_bit_sus* ) or ( math.deviation ( 500 , filesize -500 , 89.0 ) > 70 ) ) ) or ( filesize < 500KB and ( 4 of ( $gen_much_sus* ) or 8 of ( $gen_bit_sus* ) or #gen_much_sus104 > 4 ) ) ) or ( filesize > 2KB and filesize < 1MB and ( ( math.entropy ( 500 , filesize -500 ) >= 5.7 and math.mean ( 500 , filesize -500 ) > 80 and math.deviation ( 500 , filesize -500 , 89.0 ) < 23 ) or ( math.entropy ( 500 , filesize -500 ) >= 7.7 and math.mean ( 500 , filesize -500 ) > 120 and math.mean ( 500 , filesize -500 ) < 136 and math.deviation ( 500 , filesize -500 , 89.0 ) > 65 ) ) ) ) + not ( uint16( 0 ) == 0x5a4d or uint32be( 0 ) == 0x3c3f786d or uint32be( 0 ) == 0x3c3f584d or $dex1 at 0 or $dex2 at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 or 1 of ( $fp* ) ) and ( any of ( $new_php* ) or $php_short at 0 ) and ( 
any of ( $dynamic* ) ) and ( $gif at 0 or ( ( filesize < 1KB and ( 1 of ( $gen_much_sus* ) ) ) or ( filesize < 2KB and ( ( #weevely1 + #weevely2 + #weevely3 ) > 2 and #weevely4 > 1 ) ) or ( filesize < 4000 and ( 1 of ( $gen_much_sus* ) or 2 of ( $gen_bit_sus* ) ) ) or ( filesize < 20KB and ( 2 of ( $gen_much_sus* ) or 4 of ( $gen_bit_sus* ) ) ) or ( filesize < 50KB and ( 3 of ( $gen_much_sus* ) or 5 of ( $gen_bit_sus* ) ) ) or ( filesize < 100KB and ( 3 of ( $gen_much_sus* ) or 6 of ( $gen_bit_sus* ) ) ) or ( filesize < 160KB and ( 3 of ( $gen_much_sus* ) or 7 of ( $gen_bit_sus* ) or ( math.deviation ( 500 , filesize -500 , 89.0 ) > 70 ) ) ) or ( filesize < 500KB and ( 4 of ( $gen_much_sus* ) or 8 of ( $gen_bit_sus* ) or #gen_much_sus104 > 4 ) ) ) or ( filesize > 2KB and filesize < 1MB and ( ( math.entropy ( 500 , filesize -500 ) >= 5.7 and math.mean ( 500 , filesize -500 ) > 80 and math.deviation ( 500 , filesize -500 , 89.0 ) < 23 ) or ( math.entropy ( 500 , filesize -500 ) >= 7.7 and math.mean ( 500 , filesize -500 ) > 120 and math.mean ( 500 , filesize -500 ) < 136 and math.deviation ( 500 , filesize -500 , 89.0 ) > 65 ) ) ) ) } rule SIGNATURE_BASE_WEBSHELL_PHP_Encoded_Big : FILE 
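Review bot: the `$dex` rewrite in this hunk is behaviour-preserving, and the rest of the hunk is consistent with it. The old hex string `64 65 ( 78 | 79 ) 0a 30` matches exactly the two byte sequences `"dex\n0"` and `"dey\n0"` (the DEX and ODEX header prefixes), `\n` is a valid escape in YARA text strings, and the condition's `$dex at 0` becomes `$dex1 at 0 or $dex2 at 0`, so the header exclusion rejects the same files as before; the new `logic_hash` and `modified = "2025-08-18"` are the expected side effects of touching the condition. Because YARA refuses to compile a rule whose condition references an undefined string, and also a rule that defines a string its condition never uses, compiling the updated file is the cheapest way to confirm that no stray `$dex` reference survives outside the lines shown.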
@@ -332886,8 +333382,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Encoded_Big : FILE date = "2021-02-07" modified = "2024-12-16" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L2343-L2429" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L2345-L2431" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1d4b374d284c12db881ba42ee63ebce2759e0b14" hash = "fc0086caee0a2cd20609a05a6253e23b5e3245b8" hash = "b15b073801067429a93e116af1147a21b928b215" @@ -332895,7 +333391,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Encoded_Big : FILE hash = "042245ee0c54996608ff8f442c8bafb8" logic_hash = "9c995f9c1c5e3a70dbb8170f6d1a2fba51c0f29184a5d3647016b520f4bfc0e3" score = 50 - quality = -100 + quality = -75 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -332934,8 +333430,8 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Backticks : FILE date = "2021-01-07" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L2431-L2479" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L2433-L2481" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "339f32c883f6175233f0d1a30510caa52fdcaa37" hash = "8db86ad90883cd208cf86acd45e67c03f994998804441705d690cb6526614d00" hash = "af987b0eade03672c30c095cee0c7c00b663e4b3c6782615fb7e430e4a7d1d75" @@ -332944,7 +333440,7 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Backticks : FILE hash = "8db86ad90883cd208cf86acd45e67c03f994998804441705d690cb6526614d00" logic_hash = "faa064686a5632788497d0300ba017c3e564f3b70f07a01f2e49bf7c934feb28" score = 75 - quality = 19 + quality = 44 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -332973,15 +333469,15 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_Generic_Backticks_OBFUSC : FILE date = "2021-01-07" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L2481-L2527" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L2483-L2529" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "23dc299f941d98c72bd48659cdb4673f5ba93697" hash = "e3f393a1530a2824125ecdd6ac79d80cfb18fffb89f470d687323fb5dff0eec1" hash = "1e75914336b1013cc30b24d76569542447833416516af0d237c599f95b593f9b" hash = "8db86ad90883cd208cf86acd45e67c03f994998804441705d690cb6526614d00" logic_hash = "34354283762d6f62a4537e914d969f84546339da9be533e209d8738605b7e3ac" score = 75 - quality = 19 + quality = 44 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -333008,10 +333504,10 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_By_String_Known_Webshell : FILE author = "Arnim Rupp (https://github.com/ruppde)" id = "05ac0e0a-3a19-5c60-b89a-4a300d8c22e7" date = "2021-01-09" - modified = "2023-04-05" + modified = "2025-08-18" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L2529-L2663" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L2531-L2667" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d889da22893536d5965541c30896f4ed4fdf461d" hash = "10f4988a191774a2c6b85604344535ee610b844c1708602a355cf7e9c12c3605" hash = "7b6471774d14510cf6fa312a496eed72b614f6fc" @@ -333031,9 +333527,9 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_By_String_Known_Webshell : FILE hash = "15c4e5225ff7811e43506f0e123daee869a8292fc8a38030d165cc3f6a488c95" hash = "0c845a031e06925c22667e101a858131bbeb681d78b5dbf446fdd5bca344d765" hash = "d52128bcfff5e9a121eab3d76382420c3eebbdb33cd0879fbef7c3426e819695" - logic_hash = "22b6d58e24748933792c29b63c4f68c08b86c17a2751fbef5b93bc06c8c5341d" + logic_hash = "8909bf77b7bacdae092fd7a94099224bf1660a6d341e113412e93f864298851b" score = 70 - quality = -8 + quality = 17 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -333104,11 +333600,12 @@ rule SIGNATURE_BASE_WEBSHELL_PHP_By_String_Known_Webshell : FILE $php_new1 = /<\?=[^?]/ wide ascii $php_new2 = " 0 and ( #jsp4 + #jsp5 + #jsp6 + #jsp7 ) > 0 ) ) ) and ( any of ( $asp_input* ) or ( $asp_xml_http and any of ( $asp_xml_method* ) ) or ( any of ( $asp_form* ) and any of ( $asp_text* ) and $asp_asp ) ) and not 1 of ( $fp* ) and not ( uint16( 0 ) == 0x5a4d or $dex at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 ) and ( filesize < 700 and ( ( any of ( $asp_payload* ) or all of ( $asp_multi_payload_one* ) or all of ( $asp_multi_payload_two* ) or all of ( $asp_multi_payload_three* ) or all of ( $asp_multi_payload_four* ) or all of ( $asp_multi_payload_five* ) ) or ( any of ( $asp_always_write* ) and ( any of ( $asp_write_way_one* ) and any of ( $asp_cr_write* ) ) or ( any of ( $asp_streamwriter* ) ) ) ) ) + (( any of ( $tagasp_long* ) or any of ( $tagasp_classid* ) or ( $tagasp_short1 and $tagasp_short2 in ( filesize -100 .. filesize ) ) or ( $tagasp_short2 and ( $tagasp_short1 in ( 0 .. 1000 ) or $tagasp_short1 in ( filesize -1000 .. filesize ) ) ) ) and not ( ( any of ( $perl* ) or $php1 at 0 or $php2 at 0 ) or ( ( #jsp1 + #jsp2 + #jsp3 ) > 0 and ( #jsp4 + #jsp5 + #jsp6 + #jsp7 ) > 0 ) ) ) and ( any of ( $asp_input* ) or ( $asp_xml_http and any of ( $asp_xml_method* ) ) or ( any of ( $asp_form* ) and any of ( $asp_text* ) and $asp_asp ) ) and not 1 of ( $fp* ) and not ( uint16( 0 ) == 0x5a4d or $dex1 at 0 or $dex2 at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 ) and ( filesize < 700 and ( ( any of ( $asp_payload* ) or all of ( $asp_multi_payload_one* ) or all of ( $asp_multi_payload_two* ) or all of ( $asp_multi_payload_three* ) or all of ( $asp_multi_payload_four* ) or all of ( $asp_multi_payload_five* ) ) or ( any of ( $asp_always_write* ) and ( any of ( $asp_write_way_one* ) and any of ( $asp_cr_write* ) ) or ( any of ( $asp_streamwriter* ) ) ) ) ) } rule SIGNATURE_BASE_WEBSHELL_ASP_Generic : FILE { 
@@ -334084,17 +334582,17 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Generic : FILE author = "Arnim Rupp (https://github.com/ruppde)" id = "0904cefb-6e0f-5e5f-9986-cf83d409ce46" date = "2021-03-07" - modified = "2023-07-05" + modified = "2025-08-18" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L4409-L4708" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L4415-L4716" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a8c63c418609c1c291b3e731ca85ded4b3e0fba83f3489c21a3199173b176a75" hash = "4cf6fbad0411b7d33e38075f5e00d4c8ae9ce2f6f53967729974d004a183b25c" hash = "a91320483df0178eb3cafea830c1bd94585fc896" hash = "f3398832f697e3db91c3da71a8e775ebf66c7e73" - logic_hash = "f3375e8162b0a108887aed95fa67546f324eb8e15faee92c33dc3031688620e0" + logic_hash = "c1807922c71cb591ce63ea2d4531d85c5b45ad0f03db07381f8160aec18264ed" score = 60 - quality = -151 + quality = -126 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -334184,7 +334682,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Generic : FILE $jsp6 = "getValue" fullword wide ascii $jsp7 = "getBytes" fullword wide ascii $perl1 = "PerlScript" fullword - $dex = { 64 65 ( 78 | 79 ) 0a 30 } + $dex1 = "dex\n0" + $dex2 = "dey\n0" $pack = { 50 41 43 4b 00 00 00 02 00 } $asp_input1 = "request" fullword nocase wide ascii $asp_input2 = "Page_Load" fullword nocase wide ascii 
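Review bot: the `$dex1`/`$dex2` split in this strings hunk lines up with the other changes to the same rule: the `source_url` range in the metadata hunk above grows from L4409-L4708 to L4415-L4716 (two lines longer, matching one string becoming two), the following rule's range starts at L4718 instead of L4710, and the condition hunk that follows replaces the sole `$dex at 0` with `$dex1 at 0 or $dex2 at 0`. The `logic_hash` and `modified` bumps in the metadata hunk are therefore expected rather than incidental. One style point: `$dex1`, `$dex2` and `$pack` are header magics rather than webshell indicators, so a short comment beside them would save the next reader from wondering why a PHP/ASP rule excludes DEX, ODEX and PACK files.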
@@ -334241,7 +334740,7 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Generic : FILE $tagasp_capa_classid5 = "0D43FE01-F093-11CF-8940-00A0C9054228" nocase wide ascii condition: - (( any of ( $tagasp_long* ) or any of ( $tagasp_classid* ) or ( $tagasp_short1 and $tagasp_short2 in ( filesize -100 .. filesize ) ) or ( $tagasp_short2 and ( $tagasp_short1 in ( 0 .. 1000 ) or $tagasp_short1 in ( filesize -1000 .. filesize ) ) ) ) and not ( ( any of ( $perl* ) or $php1 at 0 or $php2 at 0 ) or ( ( #jsp1 + #jsp2 + #jsp3 ) > 0 and ( #jsp4 + #jsp5 + #jsp6 + #jsp7 ) > 0 ) ) ) and not ( uint16( 0 ) == 0x5a4d or $dex at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 ) and ( any of ( $asp_input* ) or ( $asp_xml_http and any of ( $asp_xml_method* ) ) or ( any of ( $asp_form* ) and any of ( $asp_text* ) and $asp_asp ) ) and ( any of ( $asp_payload* ) or all of ( $asp_multi_payload_one* ) or all of ( $asp_multi_payload_two* ) or all of ( $asp_multi_payload_three* ) or all of ( $asp_multi_payload_four* ) or all of ( $asp_multi_payload_five* ) ) and not any of ( $fp* ) and ( ( filesize < 3KB and ( 1 of ( $asp_slightly_sus* ) ) ) or ( filesize < 25KB and ( 1 of ( $asp_much_sus* ) or 1 of ( $asp_gen_sus* ) or ( #asp_gen_obf1 > 2 ) ) ) or ( filesize < 50KB and ( 1 of ( $asp_much_sus* ) or 3 of ( $asp_gen_sus* ) or ( #asp_gen_obf1 > 6 ) ) ) or ( filesize < 150KB and ( 1 of ( $asp_much_sus* ) or 4 of ( $asp_gen_sus* ) or ( #asp_gen_obf1 > 6 ) or ( ( any of ( $asp_always_write* ) and ( any of ( $asp_write_way_one* ) and any of ( $asp_cr_write* ) ) or ( any of ( $asp_streamwriter* ) ) ) and ( 1 of ( $asp_much_sus* ) or 2 of ( $asp_gen_sus* ) or ( #asp_gen_obf1 > 3 ) ) ) ) ) or ( filesize < 100KB and ( any of ( $tagasp_capa_classid* ) ) ) ) + (( any of ( $tagasp_long* ) or any of ( $tagasp_classid* ) or ( $tagasp_short1 and $tagasp_short2 in ( filesize -100 .. filesize ) ) or ( $tagasp_short2 and ( $tagasp_short1 in ( 0 .. 1000 ) or $tagasp_short1 in ( filesize -1000 .. 
filesize ) ) ) ) and not ( ( any of ( $perl* ) or $php1 at 0 or $php2 at 0 ) or ( ( #jsp1 + #jsp2 + #jsp3 ) > 0 and ( #jsp4 + #jsp5 + #jsp6 + #jsp7 ) > 0 ) ) ) and not ( uint16( 0 ) == 0x5a4d or $dex1 at 0 or $dex2 at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 ) and ( any of ( $asp_input* ) or ( $asp_xml_http and any of ( $asp_xml_method* ) ) or ( any of ( $asp_form* ) and any of ( $asp_text* ) and $asp_asp ) ) and ( any of ( $asp_payload* ) or all of ( $asp_multi_payload_one* ) or all of ( $asp_multi_payload_two* ) or all of ( $asp_multi_payload_three* ) or all of ( $asp_multi_payload_four* ) or all of ( $asp_multi_payload_five* ) ) and not any of ( $fp* ) and ( ( filesize < 3KB and ( 1 of ( $asp_slightly_sus* ) ) ) or ( filesize < 25KB and ( 1 of ( $asp_much_sus* ) or 1 of ( $asp_gen_sus* ) or ( #asp_gen_obf1 > 2 ) ) ) or ( filesize < 50KB and ( 1 of ( $asp_much_sus* ) or 3 of ( $asp_gen_sus* ) or ( #asp_gen_obf1 > 6 ) ) ) or ( filesize < 150KB and ( 1 of ( $asp_much_sus* ) or 4 of ( $asp_gen_sus* ) or ( #asp_gen_obf1 > 6 ) or ( ( any of ( $asp_always_write* ) and ( any of ( $asp_write_way_one* ) and any of ( $asp_cr_write* ) ) or ( any of ( $asp_streamwriter* ) ) ) and ( 1 of ( $asp_much_sus* ) or 2 of ( $asp_gen_sus* ) or ( #asp_gen_obf1 > 3 ) ) ) ) ) or ( filesize < 100KB and ( any of ( $tagasp_capa_classid* ) ) ) ) } rule SIGNATURE_BASE_WEBSHELL_ASP_Generic_Registry_Reader : FILE { 
@@ -334252,14 +334751,14 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Generic_Registry_Reader : FILE date = "2021-03-14" modified = "2023-07-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L4710-L4857" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L4718-L4865" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4d53416398a89aef3a39f63338a7c1bf2d3fcda4" hash = "f85cf490d7eb4484b415bea08b7e24742704bdda" hash = "898ebfa1757dcbbecb2afcdab1560d72ae6940de" logic_hash = "515bff52bebaad45481202ff934f8d1cbb79c27ccf47ca811077acacb7a47f13" score = 50 - quality = -53 + quality = -28 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -334328,8 +334827,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Regeorg_CSHARP : FILE date = "2021-01-11" modified = "2023-07-05" reference = "https://github.com/sensepost/reGeorg" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L4859-L4969" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L4867-L4977" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c1f43b7cf46ba12cfc1357b17e4f5af408740af7ae70572c9cf988ac50260ce1" hash = "479c1e1f1c263abe339de8be99806c733da4e8c1" hash = "38a1f1fc4e30c0b4ad6e7f0e1df5a92a7d05020b" 
@@ -334337,7 +334836,7 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Regeorg_CSHARP : FILE hash = "aea0999c6e5952ec04bf9ee717469250cddf8a6f" logic_hash = "0c68f5955df2e75c3b5b4f1c6398fd57add1f64bfb3d46ccebf1c6767f5d2eb1" score = 75 - quality = -32 + quality = -7 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -334388,8 +334887,8 @@ rule SIGNATURE_BASE_WEBSHELL_CSHARP_Generic : FILE date = "2021-01-11" modified = "2023-07-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L4971-L5079" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L4979-L5087" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b6721683aadc4b4eba4f081f2bc6bc57adfc0e378f6d80e2bfa0b1e3e57c85c7" hash = "4b365fc9ddc8b247a12f4648cd5c91ee65e33fae" hash = "019eb61a6b5046502808fb5ab2925be65c0539b4" @@ -334397,7 +334896,7 @@ rule SIGNATURE_BASE_WEBSHELL_CSHARP_Generic : FILE hash = "a91320483df0178eb3cafea830c1bd94585fc896" logic_hash = "fb367b79c8ed4a61618594db903cf3d70524685d7710d243163958ecb47634aa" score = 75 - quality = -30 + quality = -5 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -334447,8 +334946,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Runtime_Compile : FILE date = "2021-01-11" modified = "2023-04-05" reference = "https://github.com/antonioCoco/SharPyShell" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5081-L5179" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L5089-L5187" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e826c4139282818d38dcccd35c7ae6857b1d1d01" hash = "e20e078d9fcbb209e3733a06ad21847c5c5f0e52" hash = "57f758137aa3a125e4af809789f3681d1b08ee5b" @@ -334460,7 +334959,7 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Runtime_Compile : FILE hash = "8ce4eaf111c66c2e6c08a271d849204832713f8b66aceb5dadc293b818ccca9e" logic_hash = "6699a44e396eedebb3bafa0e89c3b6d080586a158ed056ec7220bdf2ad764444" score = 75 - quality = -6 + quality = 19 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -334513,8 +335012,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_SQL : FILE date = "2021-03-14" modified = "2023-07-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5181-L5362" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L5189-L5370" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "216c1dd950e0718e35bc4834c5abdc2229de3612" hash = "ffe44e9985d381261a6e80f55770833e4b78424bn" hash = "3d7cd32d53abc7f39faed133e0a8f95a09932b64" @@ -334522,7 +335021,7 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_SQL : FILE hash = "cafc4ede15270ab3f53f007c66e82627a39f4d0f" logic_hash = "c59250065c4be267746f716f922007b638706a76579af6509c8e97d0cee03f33" score = 75 - quality = -59 + quality = -34 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -334617,13 +335116,13 @@ rule SIGNATURE_BASE_WEBSHELL_ASP_Scan_Writable : FILE date = "2021-03-14" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5364-L5507" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L5372-L5515" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2409eda9047085baf12e0f1b9d0b357672f7a152" hash = "af1c00696243f8b062a53dad9fb8b773fa1f0395631ffe6c7decc42c47eedee7" logic_hash = "80969fd0c27903dabf08a250a47971725ac5762fd2f9afd96167b8f88f277348" score = 75 - quality = -89 + quality = -64 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -334690,8 +335189,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Regeorg : FILE date = "2021-01-24" modified = "2024-12-09" reference = "https://github.com/sensepost/reGeorg" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5509-L5559" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L5517-L5567" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6db49e43722080b5cd5f07e058a073ba5248b584" hash = "650eaa21f4031d7da591ebb68e9fc5ce5c860689" hash = "00c86bf6ce026ccfaac955840d18391fbff5c933" 
@@ -334733,8 +335232,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_HTTP_Proxy : FILE date = "2021-01-24" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5561-L5609" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L5569-L5617" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2f9b647660923c5262636a5344e2665512a947a4" hash = "97c1e2bf7e769d3fc94ae2fc74ac895f669102c6" hash = "2f9b647660923c5262636a5344e2665512a947a4" @@ -334774,8 +335273,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Writer_Nano : FILE date = "2021-01-24" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5611-L5692" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L5619-L5700" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ac91e5b9b9dcd373eaa9360a51aa661481ab9429" hash = "c718c885b5d6e29161ee8ea0acadb6e53c556513" hash = "9f1df0249a6a491cdd5df598d83307338daa4c43" 
@@ -334826,8 +335325,8 @@ rule SIGNATURE_BASE_EXT_WEBSHELL_JSP_Generic_Tiny : FILE date = "2021-01-07" modified = "2024-12-16" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5694-L5779" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L5702-L5787" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8fd343db0442136e693e745d7af1018a99b042af" hash = "87c3ac9b75a72187e8bc6c61f50659435dbdc4fde6ed720cebb93881ba5989d8" hash = "1aa6af726137bf261849c05d18d0a630d95530588832aadd5101af28acc034b5" @@ -334877,14 +335376,14 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic : FILE author = "Arnim Rupp (https://github.com/ruppde)" id = "7535ade8-fc65-5558-a72c-cc14c3306390" date = "2021-01-07" - modified = "2024-12-09" + modified = "2025-08-18" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5781-L5873" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L5789-L5883" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4762f36ca01fb9cda2ab559623d2206f401fc0b1" hash = "bdaf9279b3d9e07e955d0ce706d9c42e4bdf9aa1" hash = "ee9408eb923f2d16f606a5aaac7e16b009797a07" - logic_hash = "8b525fea9a424c3e555e9aa38a587d5936a49022db73094a17cb92fd723074f3" + logic_hash = "1a464e222704cfc947ed2f1c027c7871db8ab73e5130a309738afd25c8e614ab" score = 75 quality = -24 tags = "FILE" 
@@ -334903,7 +335402,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic : FILE $susp8 = /\\u00\d\d\\u00\d\d\\u00\d\d\\u00\d\d/ ascii wide $susp9 = "*/\\u00" ascii wide $fp1 = "command = \"cmd.exe /c set\";" - $dex = { 64 65 ( 78 | 79 ) 0a 30 } + $dex1 = "dex\n0" + $dex2 = "dey\n0" $pack = { 50 41 43 4b 00 00 00 02 00 } $cjsp_short1 = "<%" ascii wide $cjsp_short2 = "%>" wide ascii @@ -334928,7 +335428,7 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic : FILE $rt_payload3 = "exec" fullword ascii wide condition: - filesize < 300KB and not ( uint16( 0 ) == 0x5a4d or $dex at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 ) and ( $cjsp_short1 at 0 or any of ( $cjsp_long* ) or ( $cjsp_short1 and $cjsp_short2 in ( filesize -100 .. filesize ) ) or ( $cjsp_short2 and ( $cjsp_short1 in ( 0 .. 1000 ) or $cjsp_short1 in ( filesize -1000 .. filesize ) ) ) ) and ( any of ( $input* ) and any of ( $req* ) ) and ( 1 of ( $payload* ) or all of ( $rt_payload* ) ) and not any of ( $fp* ) and any of ( $susp* ) + filesize < 300KB and not ( uint16( 0 ) == 0x5a4d or $dex1 at 0 or $dex2 at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 ) and ( $cjsp_short1 at 0 or any of ( $cjsp_long* ) or ( $cjsp_short1 and $cjsp_short2 in ( filesize -100 .. filesize ) ) or ( $cjsp_short2 and ( $cjsp_short1 in ( 0 .. 1000 ) or $cjsp_short1 in ( filesize -1000 .. filesize ) ) ) ) and ( any of ( $input* ) and any of ( $req* ) ) and ( 1 of ( $payload* ) or all of ( $rt_payload* ) ) and not any of ( $fp* ) and any of ( $susp* ) } rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Base64 : FILE { 
@@ -334937,13 +335437,13 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Base64 : FILE author = "Arnim Rupp (https://github.com/ruppde)" id = "2eabbad2-7d10-573a-9120-b9b763fa2352" date = "2021-01-24" - modified = "2024-12-09" + modified = "2025-08-18" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5875-L5950" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L5885-L5962" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8b5fe53f8833df3657ae2eeafb4fd101c05f0db0" hash = "1b916afdd415dfa4e77cecf47321fd676ba2184d" - logic_hash = "fc05f90bec7ec97e6369481a0d25bc12772cba15d3ec9bac2944571b4b5c927f" + logic_hash = "1787b7c6e587e1745930faaac5d28338a86baf6abc19be7c0ffe875029ff6ca1" score = 75 quality = 48 tags = "FILE" 
@@ -334978,11 +335478,12 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Base64 : FILE $cjsp_long5 = "<%@ " nocase ascii wide $cjsp_long6 = "<% " ascii wide $cjsp_long7 = "< %" ascii wide - $dex = { 64 65 ( 78 | 79 ) 0a 30 } + $dex1 = "dex\n0" + $dex2 = "dey\n0" $pack = { 50 41 43 4b 00 00 00 02 00 } condition: - ($cjsp_short1 at 0 or any of ( $cjsp_long* ) or ( $cjsp_short1 and $cjsp_short2 in ( filesize -100 .. filesize ) ) or ( $cjsp_short2 and ( $cjsp_short1 in ( 0 .. 1000 ) or $cjsp_short1 in ( filesize -1000 .. filesize ) ) ) ) and not ( uint16( 0 ) == 0x5a4d or $dex at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 ) and filesize < 300KB and ( any of ( $one* ) and any of ( $two* ) or any of ( $three* ) ) + ($cjsp_short1 at 0 or any of ( $cjsp_long* ) or ( $cjsp_short1 and $cjsp_short2 in ( filesize -100 .. filesize ) ) or ( $cjsp_short2 and ( $cjsp_short1 in ( 0 .. 1000 ) or $cjsp_short1 in ( filesize -1000 .. filesize ) ) ) ) and not ( uint16( 0 ) == 0x5a4d or $dex1 at 0 or $dex2 at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 ) and filesize < 300KB and ( any of ( $one* ) and any of ( $two* ) or any of ( $three* ) ) } rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Processbuilder : FILE { 
@@ -334993,8 +335494,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Processbuilder : FILE date = "2021-01-07" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5952-L5989" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L5964-L6001" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "82198670ac2072cd5c2853d59dcd0f8dfcc28923" hash = "c05a520d96e4ebf9eb5c73fc0fa446ceb5caf343" hash = "347a55c174ee39ec912d9107e971d740f3208d53af43ea480f502d177106bbe8" @@ -335030,13 +335531,13 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Reflection : FILE date = "2021-01-07" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L5991-L6073" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L6003-L6085" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "62e6c6065b5ca45819c1fc049518c81d7d165744" hash = "bf0ff88cbb72c719a291c722ae3115b91748d5c4920afe7a00a0d921d562e188" logic_hash = "386aeb3745c5dd815f00bbc941450a2c3f1ddfc2956c67ecd5bee9318b1756ef" score = 75 - quality = -25 + quality = 0 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -335077,8 +335578,8 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Classloader : FILE date = "2021-01-07" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L6075-L6152" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L6087-L6164" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6b546e78cc7821b63192bb8e087c133e8702a377d17baaeb64b13f0dd61e2347" hash = "f3a7e28e1c38fa5d37811bdda1d6b0893ab876023d3bd696747a35c04141dcf0" hash = "8ea2a25344e6094fa82dfc097bbec5f1675f6058f2b7560deb4390bcbce5a0e7" @@ -335087,7 +335588,7 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Classloader : FILE hash = "8e544a5f0c242d1f7be503e045738369405d39731fcd553a38b568e0889af1f2" logic_hash = "109c0063f4e8db6172fd872b3b93d4f069234f28bbf033fbd2c5f135051df77e" score = 75 - quality = -25 + quality = 0 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -335124,14 +335625,14 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Generic_Encoded_Shell : FILE date = "2021-01-07" modified = "2023-07-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L6154-L6180" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L6166-L6192" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3eecc354390d60878afaa67a20b0802ce5805f3a9bb34e74dd8c363e3ca0ea5c" hash = "f6c2112e3a25ec610b517ff481675b2ce893cb9f" hash = "62e6c6065b5ca45819c1fc049518c81d7d165744" logic_hash = "74f45478e5bd7bb300e4ec493c2d3ef9a26340a141c3512a722618b3a3731500" score = 75 - quality = 58 + quality = 83 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -335157,13 +335658,13 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Netspy : FILE date = "2021-01-24" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L6182-L6248" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L6194-L6260" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "94d1aaabde8ff9b4b8f394dc68caebf981c86587" hash = "3870b31f26975a7cb424eab6521fc9bffc2af580" logic_hash = "65432e42ad2626b62b1d1a6298c301513c2fb03d89193a77b053069cebcb45e9" score = 75 - quality = -24 + quality = 1 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -335206,10 +335707,10 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_By_String : FILE author = "Arnim Rupp (https://github.com/ruppde)" id = "8d64e40b-5583-5887-afe1-b926d9880913" date = "2021-01-09" - modified = "2024-12-09" + modified = "2025-08-18" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L6250-L6347" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L6262-L6361" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e9060aa2caf96be49e3b6f490d08b8a996c4b084" hash = "4c2464503237beba54f66f4a099e7e75028707aa" hash = "06b42d4707e7326aff402ecbb585884863c6351a" 
@@ -335218,9 +335719,9 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_By_String : FILE hash = "f1d8360dc92544cce301949e23aad6eb49049bacf9b7f54c24f89f7f02d214bb" hash = "1d1f26b1925a9d0caca3fdd8116629bbcf69f37f751a532b7096a1e37f4f0076" hash = "850f998753fde301d7c688b4eca784a045130039512cf51292fcb678187c560b" - logic_hash = "794013918e7dbd48d658bb9ec0c7d458905d7263320d89b17d2b144e53f9258b" + logic_hash = "ab8d8df32ab745d8dd02d63d89264df2fbc0087daf6b4f91900ad03ab6e7949e" score = 75 - quality = -6 + quality = 19 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -335259,11 +335760,12 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_By_String : FILE $cjsp_long5 = "<%@ " nocase ascii wide $cjsp_long6 = "<% " ascii wide $cjsp_long7 = "< %" ascii wide - $dex = { 64 65 ( 78 | 79 ) 0a 30 } + $dex1 = "dex\n0" + $dex2 = "dey\n0" $pack = { 50 41 43 4b 00 00 00 02 00 } condition: - not ( uint16( 0 ) == 0x5a4d or $dex at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 ) and ( ( filesize < 100KB and ( $cjsp_short1 at 0 or any of ( $cjsp_long* ) or ( $cjsp_short1 and $cjsp_short2 in ( filesize -100 .. filesize ) ) or ( $cjsp_short2 and ( $cjsp_short1 in ( 0 .. 1000 ) or $cjsp_short1 in ( filesize -1000 .. filesize ) ) ) ) and any of ( $jstring* ) ) or ( filesize < 500KB and ( #jstring21 > 20 or $jstring18 or $jstring19 or $jstring20 ) ) ) + not ( uint16( 0 ) == 0x5a4d or $dex1 at 0 or $dex2 at 0 or $pack at 0 or uint16( 0 ) == 0x4b50 ) and ( ( filesize < 100KB and ( $cjsp_short1 at 0 or any of ( $cjsp_long* ) or ( $cjsp_short1 and $cjsp_short2 in ( filesize -100 .. filesize ) ) or ( $cjsp_short2 and ( $cjsp_short1 in ( 0 .. 1000 ) or $cjsp_short1 in ( filesize -1000 .. filesize ) ) ) ) and any of ( $jstring* ) ) or ( filesize < 500KB and ( #jstring21 > 20 or $jstring18 or $jstring19 or $jstring20 ) ) ) } rule SIGNATURE_BASE_WEBSHELL_JSP_Input_Upload_Write : FILE { 
@@ -335274,14 +335776,14 @@ rule SIGNATURE_BASE_WEBSHELL_JSP_Input_Upload_Write : FILE date = "2021-01-24" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L6349-L6409" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L6363-L6423" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ef98ca135dfb9dcdd2f730b18e883adf50c4ab82" hash = "583231786bc1d0ecca7d8d2b083804736a3f0a32" hash = "19eca79163259d80375ebebbc440b9545163e6a3" logic_hash = "33b08a6118134819ec72a2eab0daf723c25c8869e0fa8a83f690b93e2667d15c" score = 75 - quality = 21 + quality = 46 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -335319,8 +335821,8 @@ rule SIGNATURE_BASE_WEBSHELL_Generic_OS_Strings : FILE date = "2021-01-12" modified = "2024-12-09" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L6411-L6580" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L6425-L6594" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d5bfe40283a28917fcda0cefd2af301f9a7ecdad" hash = "fd45a72bda0a38d5ad81371d68d206035cb71a14" hash = "b4544b119f919d8cbf40ca2c4a7ab5c1a4da73a3" 
@@ -335329,7 +335831,7 @@ rule SIGNATURE_BASE_WEBSHELL_Generic_OS_Strings : FILE hash = "0353ae68b12b8f6b74794d3273967b530d0d526f" logic_hash = "10b956cac601c97d1483d35a7730d7178c4175800b4e4c9ed62ad583d3cac3d7" score = 50 - quality = -123 + quality = -98 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 @@ -335400,14 +335902,14 @@ rule SIGNATURE_BASE_WEBSHELL_In_Image : FILE date = "2021-02-27" modified = "2024-03-11" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L6582-L6842" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L6596-L6856" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d4fde4e691db3e70a6320e78657480e563a9f87935af873a99db72d6a9a83c78" hash = "84938133ee6e139a2816ab1afc1c83f27243c8ae76746ceb2e7f20649b5b16a4" hash = "52b918a64afc55d28cd491de451bb89c57bce424f8696d6a94ec31fb99b17c11" logic_hash = "e7e78107c661aa5124a37b8e492986e5a3da63c79c97c4dc3199e648a5aa4aa8" score = 55 - quality = -192 + quality = -167 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" importance = 70 
@@ -335529,8 +336031,8 @@ rule SIGNATURE_BASE_WEBSHELL_Mixed_OBFUSC : FILE date = "2023-01-28" modified = "2023-04-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L6844-L6868" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L6858-L6882" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "76cc6390cbdb81055c72edb124db2bf52e3d0b975406367a9c49a0ee6621d30b" score = 50 quality = 85 @@ -335563,8 +336065,8 @@ rule SIGNATURE_BASE_WEBSHELL_Cookie_Post_Obfuscation : FILE date = "2023-01-28" modified = "2023-04-05" reference = "https://github.com/SigmaHQ/Detection-Rule-License/blob/main/LICENSE.Detection.Rules.md" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_webshells.yar#L6870-L6896" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_webshells.yar#L6884-L6910" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d08a00e56feb78b7f6599bad6b9b1d8626ce9a6ea1dfdc038358f4c74e6f65c9" hash = "2ce5c4d31682a5a59b665905a6f698c280451117e4aa3aee11523472688edb31" hash = "ff732d91a93dfd1612aed24bbb4d13edb0ab224d874f622943aaeeed4356c662" 
@@ -335598,8 +336100,8 @@ rule SIGNATURE_BASE_MAL_Neshta_Generic : HIGHVOL FILE date = "2018-01-15" modified = "2021-04-14" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_netsha.yar#L3-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_netsha.yar#L3-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "acac6f81900c60a0aacea6345a7c03a0b77dd86d5ca7ca3d102668c49595bb6b" score = 75 quality = 85 @@ -335632,8 +336134,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Powerup : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "64562c623de89df59d15db48990c25886c67b79ac9341cf8f21ef372057ccd85" score = 80 quality = 85 
@@ -335663,8 +336165,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Inveigh_Bruteforce : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L33-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L33-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b23b6ad66e054e435415464262004ead6e7ee121185d76c02110506293b3867b" score = 80 quality = 85 @@ -335689,8 +336191,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Invoke_Shellcode : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L51-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L51-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "03e9a8c5e45781d73fd13c331d82802a18e4255b506e896019d6f08c5a67dedf" score = 80 quality = 85 
@@ -335717,8 +336219,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Invoke_Mimikatz : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L71-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L71-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0bca6245befb5183f6a45406823c45267b0a31fb0d4505606b98025f6494f2cc" score = 80 quality = 85 @@ -335746,8 +336248,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Invoke_Relfectivepeinjection : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L92-L111" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L92-L111" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "910b8b1dbc7306369f90eae0dfd5949347b2c41fa0eb5f590aed8e90e8db199a" score = 80 quality = 85 
@@ -335775,8 +336277,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Persistence : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L113-L134" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L113-L134" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bfe6b20fb712fcf7b45d0ef80075bc9a254867d2251109f377a378f887b38494" score = 80 quality = 85 @@ -335806,8 +336308,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Invoke_Mimikatz_Relfectivepeinjection : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L136-L162" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L136-L162" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "220597cb76c189adc33a9ac740c8164b52743f61523898aefb7a74206b23b76b" score = 80 quality = 85 
@@ -335842,8 +336344,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Inveigh_Bruteforce_2 : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L164-L181" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L164-L181" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5c035898a9574e2516cbc66efcf57f7380fd979c4a5099f8a0a190ad21af32c0" score = 80 quality = 85 @@ -335869,8 +336371,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Powerup_2 : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L183-L202" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L183-L202" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8cbd86f103d8b49e72787cbb85fc97e6a02d5332039ce29359cb673c273760b7" score = 80 quality = 85 
@@ -335898,8 +336400,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Persistence_2 : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L204-L226" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L204-L226" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "47d1c3593edeba02e1c08cc53b4ba3d375b73dd04816b84e807e28be2bcf917e" score = 80 quality = 85 @@ -335930,8 +336432,8 @@ rule SIGNATURE_BASE_Ps1_Toolkit_Inveigh_Bruteforce_3 : FILE date = "2016-09-04" modified = "2023-12-05" reference = "https://github.com/vysec/ps1-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powershell_toolkit.yar#L228-L248" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powershell_toolkit.yar#L228-L248" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "09afe669e90bd73318a9f9f68fda362451f6611f8585de67176c5dc43f05f937" score = 80 quality = 85 
@@ -335960,8 +336462,8 @@ rule SIGNATURE_BASE_Servantshell : FILE date = "2017-02-02" modified = "2023-12-05" reference = "https://tinyurl.com/jmp7nrs" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_servantshell.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_servantshell.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "739057dc95831c9ed35981b40c606ecd0b3fd2118b42ed7c09e200dc0bc395db" score = 70 quality = 85 @@ -335986,8 +336488,8 @@ rule SIGNATURE_BASE_Fiveeyes_QUERTY_Malwareqwerty_20121 date = "2015-01-18" modified = "2023-12-05" reference = "http://www.spiegel.de/media/media-35668.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_querty_fiveeyes.yar#L3-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_querty_fiveeyes.yar#L3-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8263fb58350f3b1d3c4220a602421232d5e40726" logic_hash = "e2660abf4959bc57bcf9d95d974cd20718d5d27f371109cb4526cee208544530" score = 75 
@@ -336020,8 +336522,8 @@ rule SIGNATURE_BASE_Fiveeyes_QUERTY_Malwaresig_20123_Sys date = "2015-01-18" modified = "2023-12-05" reference = "http://www.spiegel.de/media/media-35668.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_querty_fiveeyes.yar#L28-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_querty_fiveeyes.yar#L28-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a0f0087bd1f8234d5e847363d7e15be8a3e6f099" logic_hash = "881af0e2ff8fad2bca2ae05ad63b5185356181685daafa7a1b9992a1de017c9e" score = 75 @@ -336048,8 +336550,8 @@ rule SIGNATURE_BASE_Fiveeyes_QUERTY_Malwaresig_20123_Cmddef date = "2015-01-18" modified = "2023-12-05" reference = "http://www.spiegel.de/media/media-35668.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_querty_fiveeyes.yar#L47-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_querty_fiveeyes.yar#L47-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7b08fc77629f6caaf8cc4bb5f91be6b53e19a3cd" logic_hash = "84776764caa79ad68f2dd0d2f890821c75f2efba7c46d674110ba870a40a372a" score = 75 
@@ -336092,8 +336594,8 @@ rule SIGNATURE_BASE_Fiveeyes_QUERTY_Malwaresig_20121_Dll date = "2015-01-18" modified = "2023-12-05" reference = "http://www.spiegel.de/media/media-35668.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_querty_fiveeyes.yar#L82-L96" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_querty_fiveeyes.yar#L82-L96" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "89504d91c5539a366e153894c1bc17277116342b" logic_hash = "e735a7c26652cbf2bccac80a14568a3582b254ae25e2db56a46c09a714650611" score = 75 @@ -336117,8 +336619,8 @@ rule SIGNATURE_BASE_Fiveeyes_QUERTY_Malwareqwerty_20123 date = "2015-01-18" modified = "2023-12-05" reference = "http://www.spiegel.de/media/media-35668.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_querty_fiveeyes.yar#L97-L121" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_querty_fiveeyes.yar#L97-L121" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "edc7228b2e27df9e7ff9286bddbf4e46adb51ed9" logic_hash = "918462399af78b16a8214ceb1d39db554e3136efd4bc643353f0727e4a162516" score = 75 
@@ -336152,8 +336654,8 @@ rule SIGNATURE_BASE_Fiveeyes_QUERTY_Malwaresig_20120_Dll date = "2015-01-18" modified = "2023-12-05" reference = "http://www.spiegel.de/media/media-35668.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_querty_fiveeyes.yar#L123-L156" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_querty_fiveeyes.yar#L123-L156" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6811bfa3b8cda5147440918f83c40237183dbd25" logic_hash = "fc3aac33c84d3b4a981c2d1a9358c54dc5ceca2017dbf2e2a51e1b6970b90796" score = 75 @@ -336196,8 +336698,8 @@ rule SIGNATURE_BASE_Fiveeyes_QUERTY_Malwaresig_20120_Cmddef date = "2015-01-18" modified = "2023-12-05" reference = "http://www.spiegel.de/media/media-35668.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_querty_fiveeyes.yar#L158-L191" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_querty_fiveeyes.yar#L158-L191" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cda9ceaf0a39d6b8211ce96307302a53dfbd71ea" logic_hash = "9c336a09adb5fdf3149e5d0ad716cb854f95effa4ce4dfe3e75f43031e4903ff" score = 75 
@@ -336240,8 +336742,8 @@ rule SIGNATURE_BASE_Fiveeyes_QUERTY_Malwareqwerty_20120 date = "2015-01-18" modified = "2023-12-05" reference = "http://www.spiegel.de/media/media-35668.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_querty_fiveeyes.yar#L193-L216" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_querty_fiveeyes.yar#L193-L216" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "597082f05bfd3225587d480c30f54a7a1326a892" logic_hash = "7d2617e0ee41ea475608757594cba8ae93f2dbb09b5d01d1fa3324b32ebb8aa0" score = 75 @@ -336274,8 +336776,8 @@ rule SIGNATURE_BASE_Fiveeyes_QUERTY_Malwaresig_20121_Cmddef date = "2015-01-18" modified = "2023-12-05" reference = "http://www.spiegel.de/media/media-35668.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_querty_fiveeyes.yar#L218-L251" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_querty_fiveeyes.yar#L218-L251" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "64ac06aa4e8d93ea6063eade7ce9687b1d035907" logic_hash = "d73f0e964bd57ed3a2cd782ac204a2b82a9b334e33d64dc61e6414654d7c38d3" score = 75 
@@ -336318,8 +336820,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_1 : FILE date = "2016-06-10" modified = "2023-12-05" reference = "https://goo.gl/AW9Cuu" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dubnium.yar#L10-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dubnium.yar#L10-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "94763f42dacbeede9a72c3ecc222164a5808bd74c5d2d783c76831221a9c30c8" score = 75 quality = 85 @@ -336343,8 +336845,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_2 : FILE date = "2016-06-10" modified = "2023-12-05" reference = "https://goo.gl/AW9Cuu" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dubnium.yar#L26-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dubnium.yar#L26-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5b633a7e002609fa78b0de8fb818af1b47fbe77497d161b6b41602fb34780ca8" score = 75 quality = 85 
@@ -336368,8 +336870,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_3 : FILE date = "2016-06-10" modified = "2023-12-05" reference = "https://goo.gl/AW9Cuu" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dubnium.yar#L42-L62" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dubnium.yar#L42-L62" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "851efb71cd80040fdd13d9961d1e0084421c783afc43417ff1ac3ed023a73ae1" score = 75 quality = 85 @@ -336399,8 +336901,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_5 : FILE date = "2016-06-10" modified = "2023-12-05" reference = "https://goo.gl/AW9Cuu" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dubnium.yar#L64-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dubnium.yar#L64-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0f84f502ba9a4fe304851badfa98d9e8500cdef472d4358cfd327365ac04dda3" score = 75 quality = 85 
@@ -336433,8 +336935,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_6 : FILE date = "2016-06-10" modified = "2023-12-05" reference = "https://goo.gl/AW9Cuu" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dubnium.yar#L89-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dubnium.yar#L89-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3425734b3259ebd5390cf16d2e394a4cc735dc3fc9fcc627b46bcc77729e465e" score = 75 quality = 85 @@ -336462,8 +336964,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_7 : FILE date = "2016-06-10" modified = "2023-12-05" reference = "https://goo.gl/AW9Cuu" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dubnium.yar#L109-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dubnium.yar#L109-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "76cf4acee025fcae1dec975a124f4bf808f1f09f99f7fa6a4e965febd6a89e3a" score = 75 quality = 85 
@@ -336495,8 +336997,8 @@ rule SIGNATURE_BASE_Dubnium_Sample_Sshopenssl : FILE date = "2016-06-10" modified = "2023-12-05" reference = "https://goo.gl/AW9Cuu" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_dubnium.yar#L133-L152" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_dubnium.yar#L133-L152" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5cad6b0785e8c9627f1b9678dc6206cf36cd33ead2283f77655fdb0ea36249e9" score = 75 quality = 85 @@ -336525,8 +337027,8 @@ rule SIGNATURE_BASE_Crime_H2Miner_Kinsing : FILE date = "2020-06-09" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_h2miner_kinsing.yar#L1-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_h2miner_kinsing.yar#L1-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8795f01f4ce85ca37a4e4667a4ee9756dae6af42884cf79830877a5c35a3bd3b" score = 75 quality = 85 
@@ -336555,8 +337057,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_GORAT_3_1 : FILE date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_fireeye_redteam_tools.yar#L47-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_fireeye_redteam_tools.yar#L47-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "995120b35db9d2f36d7d0ae0bfc9c10d" logic_hash = "4fda951281b3d711e50c24f543b528b93295a119af39245b4bece77f641bbf2b" score = 75 @@ -336602,8 +337104,8 @@ rule SIGNATURE_BASE_Credtheft_MSIL_Adpasshunt_2_1 : FILE date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_fireeye_redteam_tools.yar#L845-L861" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_fireeye_redteam_tools.yar#L845-L861" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6efb58cf54d1bb45c057efcfbbd68a93" logic_hash = "a76faa34a1f9cc891aeaa65525c8698e49d5a141854ca0cffb42f06a251bea43" score = 50 
@@ -336630,8 +337132,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_Gorat_Memory_1 date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_fireeye_redteam_tools.yar#L1013-L1039" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_fireeye_redteam_tools.yar#L1013-L1039" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3b926b5762e13ceec7ac3a61e85c93bb" logic_hash = "bf8d80b7a7d35c1bcb353ff66d10bc95c2e6502043acc6554887465a467cdcf7" score = 75 @@ -336664,8 +337166,8 @@ rule SIGNATURE_BASE_Hacktool_MSIL_Sharpivot_3_1 : FILE date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_fireeye_redteam_tools.yar#L1145-L1174" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_fireeye_redteam_tools.yar#L1145-L1174" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e4efa759d425e2f26fbc29943a30f5bd" logic_hash = "f51ac9637f47a98beee1b3c37b594e292aab0e1d3f9e49c41b1f3c3ce02e17de" score = 75 
@@ -336704,8 +337206,8 @@ rule SIGNATURE_BASE_Hacktool_MSIL_SEATBELT_1_1 : FILE date = "2020-12-08" modified = "2023-01-27" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_fireeye_redteam_tools.yar#L1210-L1233" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_fireeye_redteam_tools.yar#L1210-L1233" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "848837b83865f3854801be1f25cb9f4d" logic_hash = "89275ec08b75cef371b70fb749cbcada3f30309869094ab7940811fe40f8a008" score = 75 @@ -336736,8 +337238,8 @@ rule SIGNATURE_BASE_APT_Builder_PY_REDFLARE_2_1 date = "2020-12-01" modified = "2020-12-01" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_fireeye_redteam_tools.yar#L1376-L1391" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_fireeye_redteam_tools.yar#L1376-L1391" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4410e95de247d7f1ab649aa640ee86fb" logic_hash = "0f28fb23c0c1d589466c7c541c8dc588b038d02dded0c66c4a448d1f768c95c5" score = 75 
@@ -336761,8 +337263,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_GORAT_2_1 : FILE date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_fireeye_redteam_tools.yar#L1453-L1484" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_fireeye_redteam_tools.yar#L1453-L1484" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f59095f0ab15f26a1ead7eed8cdb4902" logic_hash = "45c83e0d39184abcbc0ccc5804ab745b4feec1fad424a543a05754e5b4cca311" score = 75 @@ -336804,8 +337306,8 @@ rule SIGNATURE_BASE_APT_Backdoor_Win_GORAT_4_1 : FILE date = "2025-02-12" modified = "2025-02-12" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_fireeye_redteam_tools.yar#L1706-L1716" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_fireeye_redteam_tools.yar#L1706-L1716" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f59095f0ab15f26a1ead7eed8cdb4902" logic_hash = "fa76e994beb2ab1b7950cf9d6391adf4e1ba45586a14a6340fa8a25a904821e4" score = 75 
@@ -336824,8 +337326,8 @@ rule SIGNATURE_BASE_Hacktool_MSIL_PXELOOT_2_1 : FILE date = "2020-12-08" modified = "2023-01-27" reference = "https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_fireeye_redteam_tools.yar#L2088-L2113" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_fireeye_redteam_tools.yar#L2088-L2113" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d93100fe60c342e9e3b13150fd91c7d8" logic_hash = "f9a9167b806e0e3df3720c13b4009e18c5a36913d255978cb001c2284533ea82" score = 75 @@ -336859,8 +337361,8 @@ rule SIGNATURE_BASE_Golddragon_Malware_Feb18_1 : FILE date = "2018-02-03" modified = "2023-12-05" reference = "https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_golddragon.yar#L13-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_golddragon.yar#L13-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "873cf7aa18027615fe8c44140879811254229a238f7d426144fb7c1a6e07ea74" score = 90 quality = 85 
@@ -336879,8 +337381,8 @@ rule SIGNATURE_BASE_Golddragon_Aux_File : FILE date = "2018-02-03" modified = "2023-12-05" reference = "https://securingtomorrow.mcafee.com/mcafee-labs/gold-dragon-widens-olympics-malware-attacks-gains-permanent-presence-on-victims-systems/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_golddragon.yar#L31-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_golddragon.yar#L31-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4c5eb04cdafe3a69e584c64b833d8c6d21890660e92cc050bb29798dbcdf5326" score = 90 quality = 85 @@ -336903,8 +337405,8 @@ rule SIGNATURE_BASE_Golddragon_Ghost419_RAT : FILE date = "2018-02-03" modified = "2023-01-06" reference = "https://goo.gl/rW1yvZ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_golddragon.yar#L46-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_golddragon.yar#L46-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b953c5e21c332add4ff3b8fef9d623904eb929b0e7fc86e6c7109cd81bc3819b" score = 75 quality = 85 
@@ -336949,8 +337451,8 @@ rule SIGNATURE_BASE_Golddragon_Runningrat : FILE date = "2018-02-03" modified = "2023-12-05" reference = "https://goo.gl/rW1yvZ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_golddragon.yar#L88-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_golddragon.yar#L88-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "02b0ac613bb01cb5bbe947661880070790bbb7c6ba9925e70bc200df34747a0b" score = 75 quality = 85 @@ -336992,8 +337494,8 @@ rule SIGNATURE_BASE_Golddragon_Runnignrat : FILE date = "2018-02-03" modified = "2023-01-07" reference = "https://goo.gl/rW1yvZ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_golddragon.yar#L130-L154" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_golddragon.yar#L130-L154" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5bcc2ebbd54c31cf418430149eb558e8e26355161d0b53f403e7dfd2e1707baa" score = 75 quality = 85 
@@ -337025,8 +337527,8 @@ rule SIGNATURE_BASE_APT_MAL_Revil_Kaseya_Jul21_1 : FILE date = "2021-07-02" modified = "2023-12-05" reference = "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_revil_general.yar#L3-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_revil_general.yar#L3-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a7f9fa8f8e8a3a25728aa6a334924e0b4075f3422df6b92a2f544bb0ebb6bfad" score = 75 quality = 85 @@ -337057,8 +337559,8 @@ rule SIGNATURE_BASE_APT_MAL_Revil_Kaseya_Jul21_2 : FILE date = "2021-07-02" modified = "2023-12-05" reference = "https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_revil_general.yar#L32-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_revil_general.yar#L32-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "44948d93c71370a9976f22bf78cd1af80359f2c9804ea7995791109785cfaf84" score = 75 quality = 85 
@@ -337091,8 +337593,8 @@ rule SIGNATURE_BASE_Rombertik_Carbongrabber : FILE date = "2015-05-05" modified = "2023-12-05" reference = "http://blogs.cisco.com/security/talos/rombertik" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_rombertik_carbongrabber.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_rombertik_carbongrabber.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ddc3ebcc460909a4afc9994cae53c9b7642f92ab6f16e2653f6b2d5002a33cda" score = 75 quality = 85 @@ -337123,8 +337625,8 @@ rule SIGNATURE_BASE_Rombertik_Carbongrabber_Panel_Installscript : FILE date = "2015-05-05" modified = "2023-12-05" reference = "http://blogs.cisco.com/security/talos/rombertik" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_rombertik_carbongrabber.yar#L33-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_rombertik_carbongrabber.yar#L33-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cd6c152dd1e0689e0bede30a8bd07fef465fbcfa" logic_hash = "a0edc53aea21bc317f510a4a463ca677d9dc1ec234ca9824bc46711c851f2ccc" score = 75 
@@ -337154,8 +337656,8 @@ rule SIGNATURE_BASE_Rombertik_Carbongrabber_Panel : FILE date = "2015-05-05" modified = "2023-12-05" reference = "http://blogs.cisco.com/security/talos/rombertik" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_rombertik_carbongrabber.yar#L55-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_rombertik_carbongrabber.yar#L55-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e6e9e4fc3772ff33bbeeda51f217e9149db60082" logic_hash = "8b7fde3c3894b7aa83e05f6a1b820195276f8738fde218485c0465afaed88427" score = 75 @@ -337183,8 +337685,8 @@ rule SIGNATURE_BASE_Rombertik_Carbongrabber_Builder : FILE date = "2015-05-05" modified = "2023-12-05" reference = "http://blogs.cisco.com/security/talos/rombertik" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_rombertik_carbongrabber.yar#L75-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_rombertik_carbongrabber.yar#L75-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b50ecc0ba3d6ec19b53efe505d14276e9e71285f" logic_hash = "e9d13913ee03926920eba33a4dac2a6e9aeaaa54949c5bfea8dd956cf233abae" score = 75 
@@ -337211,8 +337713,8 @@ rule SIGNATURE_BASE_Rombertik_Carbongrabber_Builder_Server : FILE date = "2015-05-05" modified = "2023-12-05" reference = "http://blogs.cisco.com/security/talos/rombertik" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_rombertik_carbongrabber.yar#L94-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_rombertik_carbongrabber.yar#L94-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "895fab8d55882eac51d4b27a188aa67205ff0ae5" logic_hash = "693c92128166c72aded066fa66eef906a9f6027c65b889f3a487a38382f29982" score = 75 @@ -337246,8 +337748,8 @@ rule SIGNATURE_BASE_VULN_Printerdriver_Privesc_CVE_2021_3438_Jul21 : FILE date = "2021-07-20" modified = "2023-12-05" reference = "https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vul_cve_2021_3438_printdriver.yar#L4-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vul_cve_2021_3438_printdriver.yar#L4-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b58c2623c8fb84162c1c9390d0398639061ed5b1d4a8e007685e6fabe42bde54" score = 70 quality = 85 
@@ -337270,8 +337772,8 @@ rule SIGNATURE_BASE_Hiddencobra_R4_Wiper_1 : FILE date = "2017-12-12" modified = "2023-12-05" reference = "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hiddencobra_wiper.yar#L8-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hiddencobra_wiper.yar#L8-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0e88b7f8491e87cce0deb5f246ca521bdb556b9c79c697559bdf8b0b332e714e" score = 75 quality = 85 @@ -337293,8 +337795,8 @@ rule SIGNATURE_BASE_Hiddencobra_R4_Wiper_2 : FILE date = "2017-12-12" modified = "2023-12-05" reference = "https://www.us-cert.gov/sites/default/files/publications/MAR-10135536.11.WHITE.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hiddencobra_wiper.yar#L22-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hiddencobra_wiper.yar#L22-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f537f67be28f854db0d56199d2a43f90cf6c80469a6f9853db0cd550440c7e1f" score = 75 quality = 85 
@@ -337316,8 +337818,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Sleepmask_Jul22 date = "2022-07-04" modified = "2023-12-05" reference = "https://codex-7.gitbook.io/codexs-terminal-window/blue-team/detecting-cobalt-strike/sleep-mask-kit-iocs" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cobaltstrike.yar#L3-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cobaltstrike.yar#L3-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "233b3cb441f45f400c0261589aac31dd1fcd9c4e3a86a6aaa46c60849063b34b" score = 80 quality = 85 @@ -337338,8 +337840,8 @@ rule SIGNATURE_BASE_MAL_Sharpshooter_Excel4 : FILE date = "2020-03-27" modified = "2023-12-05" reference = "https://docs.microsoft.com/en-us/openspecs/office_file_formats/ms-xls/00b5dd7d-51ca-4938-b7b7-483fe0e5933b" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_Excel4Macro_Sharpshooter.yar#L1-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_Excel4Macro_Sharpshooter.yar#L1-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ccef64586d25ffcb2b28affc1f64319b936175c4911e7841a0e28ee6d6d4a02d" logic_hash = "4aec8bb7ec8ce7ebd8228416133ea7eec995864aeec78c11548387d832b5fa65" score = 70 
@@ -337366,8 +337868,8 @@ rule SIGNATURE_BASE_SUSP_Excel4Macro_Autoopen : FILE date = "2020-03-26" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_Excel4Macro_Sharpshooter.yar#L27-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_Excel4Macro_Sharpshooter.yar#L27-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2fb198f6ad33d0f26fb94a1aa159fef7296e0421da68887b8f2548bbd227e58f" logic_hash = "074aab8e1d3b66e34e8e8d8e8489e1dfee1091df0424b22cd1bfd3cf904754e1" score = 50 @@ -337394,8 +337896,8 @@ rule SIGNATURE_BASE_Gen_Trojan_Mikey : FILE date = "2015-05-07" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_mikey_trojan.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_mikey_trojan.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a8e6c3ca056b3ff2495d7728654b780735b3a4cb" logic_hash = "5454953bba09d6fc866bcb23ef81a0b6763d8f82b8b606597548cbb5cf6053ed" score = 70 
@@ -337423,8 +337925,8 @@ rule SIGNATURE_BASE_Mimipenguin_SH date = "2017-04-01" modified = "2023-12-05" reference = "https://github.com/huntergregal/mimipenguin" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimipenguin.yar#L8-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimipenguin.yar#L8-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5d9827e7adfe667a4a46e23854cac3b63949abcde5709045f0fe65e7b5704265" score = 75 quality = 85 @@ -337448,8 +337950,8 @@ rule SIGNATURE_BASE_Mimipenguin_1 : FILE date = "2017-07-08" modified = "2023-12-05" reference = "https://github.com/huntergregal/mimipenguin" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimipenguin.yar#L34-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimipenguin.yar#L34-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "60a7b64eee9e2adfbc65fb5762f18e2abc4a35f9368ad704754870b5e8311391" score = 75 quality = 85 
@@ -337475,8 +337977,8 @@ rule SIGNATURE_BASE_Mimipenguin_2 : FILE date = "2017-07-08" modified = "2023-12-05" reference = "https://github.com/huntergregal/mimipenguin" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimipenguin.yar#L52-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimipenguin.yar#L52-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "53a1f47ef9c94ef6bffbc9d7b9f3a8e0a7fb132c0936ea27e6be775cf99792a0" score = 75 quality = 85 @@ -337503,8 +338005,8 @@ rule SIGNATURE_BASE_Fireball_De_Svr : FILE date = "2017-06-02" modified = "2023-12-05" reference = "https://goo.gl/4pTkGQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_fireball.yar#L12-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_fireball.yar#L12-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9ac858b3ce50daac811ded4664f2a602a32d8811825733d235125fc81a488e58" score = 75 quality = 85 
@@ -337531,8 +338033,8 @@ rule SIGNATURE_BASE_Fireball_Lancer : FILE date = "2017-06-02" modified = "2023-12-05" reference = "https://goo.gl/4pTkGQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_fireball.yar#L31-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_fireball.yar#L31-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "74df144556121609da0820c319a86a9de0f49eeb2d4b1ed59c3a4d0c1d7788cb" score = 75 quality = 85 @@ -337561,8 +338063,8 @@ rule SIGNATURE_BASE_Qqbrowser : FILE date = "2017-06-02" modified = "2023-12-05" reference = "https://goo.gl/4pTkGQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_fireball.yar#L53-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_fireball.yar#L53-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "525d134f57aaa314bcf0676678264e518edb785970478cb31a8fb6f1c8c92263" score = 50 quality = 83 
@@ -337588,8 +338090,8 @@ rule SIGNATURE_BASE_Chrome_Elf : FILE date = "2017-06-02" modified = "2023-12-05" reference = "https://goo.gl/4pTkGQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_fireball.yar#L72-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_fireball.yar#L72-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "89f0ab16f164222ecf2a4b14bee02d0c24517d03d1c12b25f5158eebc31b3e3d" score = 75 quality = 85 @@ -337617,8 +338119,8 @@ rule SIGNATURE_BASE_Fireball_Regkey : FILE date = "2017-06-02" modified = "2022-12-21" reference = "https://goo.gl/4pTkGQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_fireball.yar#L92-L108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_fireball.yar#L92-L108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f8fe8b1edb009ac84acf6159feada91d364507c53a9f92abd6b245b38fa058f5" score = 75 quality = 85 
@@ -337643,8 +338145,8 @@ rule SIGNATURE_BASE_Fireball_Winsap : FILE date = "2017-06-02" modified = "2023-12-05" reference = "https://goo.gl/4pTkGQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_fireball.yar#L110-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_fireball.yar#L110-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "de722d90d82f82faa5dfe5991c846e5c16deb919ae653b8f9fe4d1ad0384c41d" score = 75 quality = 85 @@ -337672,8 +338174,8 @@ rule SIGNATURE_BASE_Fireball_Archer : FILE date = "2017-06-02" modified = "2022-12-21" reference = "https://goo.gl/4pTkGQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_fireball.yar#L130-L149" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_fireball.yar#L130-L149" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f566ba477ccf1325914b6c9785e2b85f732b211e9321eea24d6c5a0339ccc4d1" score = 75 quality = 85 
@@ -337700,8 +338202,8 @@ rule SIGNATURE_BASE_Clearlog : FILE date = "2017-06-02" modified = "2023-12-05" reference = "https://goo.gl/4pTkGQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_fireball.yar#L151-L171" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_fireball.yar#L151-L171" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6b6fd74ad184cafa7885385f808034e9211ff37e04ed5e8ea4af2c7fb7d697bd" score = 75 quality = 85 @@ -337730,8 +338232,8 @@ rule SIGNATURE_BASE_Fireball_Gubed : FILE date = "2017-06-02" modified = "2022-12-21" reference = "https://goo.gl/4pTkGQ" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_fireball.yar#L173-L191" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_fireball.yar#L173-L191" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e8053d8a95d41d81940bbaf7945323849613dbcfe727559a07bc294bd834b65f" score = 75 quality = 85 
@@ -337758,8 +338260,8 @@ rule SIGNATURE_BASE_LOG_EXPL_SUSP_Teamcity_CVE_2023_42793_Oct23_1 : CVE_2023_427 date = "2023-10-02" modified = "2023-12-05" reference = "https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_teamcity_2023_42793.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_teamcity_2023_42793.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3b6c8e3e3ff91563899ca94904a56460cd702a3e58e0aacf1c3acb506ec3f959" score = 70 quality = 85 @@ -337783,8 +338285,8 @@ rule SIGNATURE_BASE_LOG_EXPL_SUSP_Teamcity_Oct23_1 date = "2023-10-02" modified = "2023-12-05" reference = "https://attackerkb.com/topics/1XEEEkGHzt/cve-2023-42793/rapid7-analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_teamcity_2023_42793.yar#L20-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_teamcity_2023_42793.yar#L20-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a2f0abffb9c72e6b32875310e5af7365b6cab4e6c4f6188daa3085b57c38ed0e" score = 70 quality = 85 
@@ -337807,8 +338309,8 @@ rule SIGNATURE_BASE_APT_PS1_Sysaid_EXPL_Forensicartifacts_Nov23_1 : SCRIPT CVE_2 date = "2023-11-09" modified = "2023-12-05" reference = "https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sysaid_cve_2023_47246.yar#L2-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sysaid_cve_2023_47246.yar#L2-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "85efeea88961ca99b22004726d88efc46c748273b9a0b3be674f4cbb12cd3dd1" score = 85 quality = 85 @@ -337830,8 +338332,8 @@ rule SIGNATURE_BASE_MAL_Loader_Turtleloader_Nov23 : CVE_2023_47246 FILE date = "2023-11-09" modified = "2023-12-05" reference = "https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sysaid_cve_2023_47246.yar#L17-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sysaid_cve_2023_47246.yar#L17-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "14a1636ed4dc3c897fefe53946e67339f91da9e2fbed2c99b9b4119dcc2649c0" score = 85 quality = 85 
@@ -337858,8 +338360,8 @@ rule SIGNATURE_BASE_MAL_Grace_Dec22 date = "2022-12-13" modified = "2023-12-05" reference = "https://blog.talosintelligence.com/breaking-the-silence-recent-truebot-activity/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sysaid_cve_2023_47246.yar#L40-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sysaid_cve_2023_47246.yar#L40-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8276662dadfa2f8e07dd7882a60e55bd22ecf1f8f66a09940f16236598646560" score = 70 quality = 85 @@ -337887,8 +338389,8 @@ rule SIGNATURE_BASE_CN_Honker_MAC_IPMAC : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L10-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L10-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "24d55b6bec5c9fff4cd6f345bacac7abadce1611" logic_hash = "395dfb840346bbf3f68fa198e76349cf65c703b28fd168b85d846d07df1845fe" score = 70 
@@ -337913,8 +338415,8 @@ rule SIGNATURE_BASE_CN_Honker_Getsyskey : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L28-L43" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L28-L43" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "17cec5e75cda434d0a1bc8cdd5aa268b42633fe9" logic_hash = "1f12ea9d62d4aaf695328fb335445f3dae3996595402586d2ee52098e6727d10" score = 70 @@ -337938,8 +338440,8 @@ rule SIGNATURE_BASE_CN_Honker_Churrasco : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L45-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L45-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5a3c935d82a5ff0546eff51bb2ef21c88198f5b8" logic_hash = "f60589bda76367578388cbe6af912c80c9364a7047ed52ca2b4156a1b277e7ca" score = 70 
@@ -337967,8 +338469,8 @@ rule SIGNATURE_BASE_CN_Honker_Mysql_Injectv1_1_Creak : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L66-L81" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L66-L81" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a1f066789f48a76023598c5777752c15f91b76b0" logic_hash = "f61557216a7e90ff9655ad8aea4a9adf0e4435c7a3f7958423e46fd2265bad07" score = 70 @@ -337992,8 +338494,8 @@ rule SIGNATURE_BASE_CN_Honker_ASP_Wshell : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L83-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L83-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3ae33c835e7ea6d9df74fe99fcf1e2fb9490c978" logic_hash = "f6f83acb76248a1b00f1acac621e68888c93b34d4813d8f8613d5d9095c53a8a" score = 70 
@@ -338019,8 +338521,8 @@ rule SIGNATURE_BASE_CN_Honker_Exp_Iis7 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L102-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L102-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0a173c5ece2fd4ac8ecf9510e48e95f43ab68978" logic_hash = "91ceec96297e5cc027e261fd708899787b9be4ac15e209e0734a3b8563ae31b5" score = 70 @@ -338046,8 +338548,8 @@ rule SIGNATURE_BASE_CN_Honker_Segmentweapon : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L121-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L121-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "494ef20067a7ce2cc95260e4abc16fcfa7177fdf" logic_hash = "9afb70a3ae158b7abbda6725b8c9901121b78fa0e874db12b4ac08bf59b26fb5" score = 70 
@@ -338071,8 +338573,8 @@ rule SIGNATURE_BASE_CN_Honker_Alien_Iispwd : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L138-L153" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L138-L153" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5d157a1b9644adbe0b28c37d4022d88a9f58cedb" logic_hash = "16dc6ec4b668fdc43e3a9a8ea31ad0caa1a80b1015ab60eec0eb76bfacd69c5f" score = 70 @@ -338096,8 +338598,8 @@ rule SIGNATURE_BASE_CN_Honker_Md5Cracktools : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L155-L170" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L155-L170" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9dfd9c9923ae6f6fe4cbfa9eb69688269285939c" logic_hash = "a176393c0324bcc634a31c261aa6b528fb5a5893c40a5534b34253a1922c8285" score = 70 
@@ -338121,8 +338623,8 @@ rule SIGNATURE_BASE_CN_Honker_Coolscan_Scan : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L172-L187" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L172-L187" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e1c5fb6b9f4e92c4264c7bea7f5fba9a5335c328" logic_hash = "89c7d24d821e907f79ab5630eed13275c5216cff6bf203b5c8f66bb1a178039b" score = 70 @@ -338146,8 +338648,8 @@ rule SIGNATURE_BASE_CN_Honker_Mempodipper2_6 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L189-L203" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L189-L203" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ba2c79911fe48660898039591e1742b3f1a9e923" logic_hash = "1a2c42757199818b94a73b9faff3380911655992ef3214a33a220eac15850c4b" score = 70 
@@ -338170,8 +338672,8 @@ rule SIGNATURE_BASE_CN_Honker_COOKIE_Cookie : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L205-L220" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L205-L220" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f7727160257e0e716e9f0cf9cdf9a87caa986cde" logic_hash = "6d942e53a253cb157e535f86ca457c93a6039b2c5ebb3969dc3e271242b478d4" score = 70 @@ -338195,8 +338697,8 @@ rule SIGNATURE_BASE_CN_Honker_Wwwscan_1_Wwwscan : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L222-L237" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L222-L237" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6bed45629c5e54986f2d27cbfc53464108911026" logic_hash = "7b0b6bbcba49c8f950ea3cf5a364059ba784c87a41eba6d825a9ca4e3a07bfbc" score = 70 
@@ -338220,8 +338722,8 @@ rule SIGNATURE_BASE_CN_Honker_D_Injection_V2_32 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L239-L254" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L239-L254" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3a000b976c79585f62f40f7999ef9bdd326a9513" logic_hash = "0107903a481b09faa92a5fbb162fd981f976ed864be3a0840b43063461e20974" score = 70 @@ -338245,8 +338747,8 @@ rule SIGNATURE_BASE_CN_Honker_Net_Priv_Esc2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L256-L271" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L256-L271" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4851e0088ad38ac5b3b1c75302a73698437f7f17" logic_hash = "53cf3d984bc82428eb0a6ee416bcd5429718a1d615ce1c1ba399cda42268d26c" score = 70 
@@ -338270,8 +338772,8 @@ rule SIGNATURE_BASE_CN_Honker_Oracle_V1_0_Oracle : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L273-L289" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L273-L289" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0264f4efdba09eaf1e681220ba96de8498ab3580" logic_hash = "6f1bb6b14445a9ca29768ab2dcf831a98cb5d153d03ebc4bc497bb8f8144a365" score = 70 @@ -338296,8 +338798,8 @@ rule SIGNATURE_BASE_CN_Honker_Interception : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L291-L306" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L291-L306" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ea813aed322e210ea6ae42b73b1250408bf40e7a" logic_hash = "d1ae5f8ff21659b95f6e62b1d5e3ec15b122a2b5889e8984f3d9f6d2fa938d17" score = 70 
@@ -338321,8 +338823,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_Dubrute_V3_0_RC3_3_0 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L308-L324" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L308-L324" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "49b311add0940cf183e3c7f3a41ea6e516bf8992" logic_hash = "6d2f6721c942332af1be0b6537e9b9d0b5b3e91eb3912dcd095aa18bccfc4ad5" score = 70 @@ -338347,8 +338849,8 @@ rule SIGNATURE_BASE_CN_Honker_Windows_Exp : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L326-L341" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L326-L341" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "04334c396b165db6e18e9b76094991d681e6c993" logic_hash = "6a146545fd12e7603bf1e2ccb9b2d308b13fe2acdb9248a79c80b6c1de37fd73" score = 70 
@@ -338372,8 +338874,8 @@ rule SIGNATURE_BASE_CN_Honker_Safe3Wvs_Cgiscan : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L343-L358" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L343-L358" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f94bbf2034ad9afa43cca3e3a20f142e0bb54d75" logic_hash = "990dcede3bb83216af7e72e2a49bc2355ebd45ebd3fc658ba337a285dcdf799f" score = 70 @@ -338397,8 +338899,8 @@ rule SIGNATURE_BASE_CN_Honker_Pr_Debug : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L360-L375" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L360-L375" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d11e6c6f675b3be86e37e50184dadf0081506a89" logic_hash = "0b7508e3a508adc9416f16549290e06468520c156dbd5192e5a352820586af9f" score = 70 
@@ -338422,8 +338924,8 @@ rule SIGNATURE_BASE_CN_Honker_T00Ls_Lpk_Sethc_V4_0 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L377-L392" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L377-L392" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "98f21f72c761e504814f0a7db835a24a2413a6c2" logic_hash = "bd6f9b6e831573164fddf7f0188087eb0076410b77c9c06cfacadebe6a53b525" score = 70 @@ -338447,8 +338949,8 @@ rule SIGNATURE_BASE_CN_Honker_Matrixay1073 : FILE date = "2015-06-23" modified = "2023-01-27" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L394-L412" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L394-L412" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fef951e47524f827c7698f4508ba9551359578a5" logic_hash = "e64cae48344e5dae8ec80b2897305a0b380340bdd2973eb0828582f18ef8bf2b" score = 70 
@@ -338474,8 +338976,8 @@ rule SIGNATURE_BASE_CN_Honker_Sword1_5 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L414-L431" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L414-L431" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "96ee5c98e982aa8ed92cb4cedb85c7fda873740f" logic_hash = "0f7630b2ec983df2a065b049000cef6de38f884254748a342b2fd84d8c5985af" score = 70 @@ -338501,8 +339003,8 @@ rule SIGNATURE_BASE_CN_Honker_Havij_Havij : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L433-L448" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L433-L448" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0d8b275bd1856bc6563dd731956f3b312e1533cd" logic_hash = "e8aff3e1e536cd35b10bdaab4818542bce284e7ed3aa7ef1920763669faf4c8a" score = 70 
@@ -338526,8 +339028,8 @@ rule SIGNATURE_BASE_CN_Honker_Exp_Ms11011 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L450-L468" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L450-L468" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5ad7a4962acbb6b0e3b73d77385eb91feb88b386" logic_hash = "f92d71f163a49a158d85b821d71fd17e84e0d3deb19515ae0cf6a063a05c027b" score = 70 @@ -338554,8 +339056,8 @@ rule SIGNATURE_BASE_CN_Honker_DLL_Passive_Privilege_Escalation_Ws2Help : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L470-L485" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L470-L485" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e539b799c18d519efae6343cff362dcfd8f57f69" logic_hash = "e13f33e48d5c1aeaef6c50287f74e03fb7b65667d597768d448e76f5a375b34f" score = 70 
@@ -338579,8 +339081,8 @@ rule SIGNATURE_BASE_CN_Honker_Webshell : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L487-L503" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L487-L503" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c85bd09d241c2a75b4e4301091aa11ddd5ad6d59" logic_hash = "d48a10313afcb5a2084229937703bbc11958a5cd11f8f27fbc8dae15ddfd5ed1" score = 70 @@ -338605,8 +339107,8 @@ rule SIGNATURE_BASE_CN_Honker_Aspxclient : FILE date = "2015-06-23" modified = "2022-12-21" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L505-L523" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L505-L523" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "67569a89128f503a459eab3daa2032261507f2d2" logic_hash = "4d0a93434673952fed38e384db526275b9eb32bac9a207c91f792d4d113c40f1" score = 70 
@@ -338632,8 +339134,8 @@ rule SIGNATURE_BASE_CN_Honker_Fckeditor : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L525-L540" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L525-L540" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4b16ae12c204f64265acef872526b27111b68820" logic_hash = "0fd231fc81b2b7b5647a8016774f35751ac68646856a15c17ce4d2c07eaf1761" score = 70 @@ -338657,8 +339159,8 @@ rule SIGNATURE_BASE_CN_Honker_Codeeer_Explorer : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L542-L557" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L542-L557" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f32e05f3fefbaa2791dd750e4a3812581ce0f205" logic_hash = "299d0181beb5032dcb327516a7526d6131e2212623ffa9e592f54f80473b098d" score = 70 
@@ -338682,8 +339184,8 @@ rule SIGNATURE_BASE_CN_Honker_Swordhonkeredition : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L559-L575" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L559-L575" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3f9479151c2cada04febea45c2edcf5cece1df6c" logic_hash = "cc18e68f7c3eff69a75333f3b605c89b024c6763f7b97e0ce20ce14bfe28df0d" score = 70 @@ -338708,8 +339210,8 @@ rule SIGNATURE_BASE_CN_Honker_HASH_Pwdump7 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L577-L594" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L577-L594" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "93a2d7c3a9b83371d96a575c15fe6fce6f9d50d3" logic_hash = "05f735ba3f377f71ccf3a97b3597cee7b9f36213ee2ebba19db69667529d9fac" score = 70 
@@ -338735,8 +339237,8 @@ rule SIGNATURE_BASE_CN_Honker_Chinachopper : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L596-L612" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L596-L612" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fa347fdb23ab0b8d0560a0d20c434549d78e99b5" logic_hash = "e5e6a8a17592e7c82af830153905a52f8202a65c8e2f4b09dbebb19d04e2f8d7" score = 70 @@ -338761,8 +339263,8 @@ rule SIGNATURE_BASE_CN_Honker_Dedecms5_7 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L614-L629" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L614-L629" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f9cbb25883828ca266e32ff4faf62f5a9f92c5fb" logic_hash = "57ff887906d3c5e7eafc900581eea7432c7a18364b0061d0e4deba0229663c65" score = 70 
@@ -338786,8 +339288,8 @@ rule SIGNATURE_BASE_CN_Honker_Alien_Ee : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L631-L646" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L631-L646" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "15a7211154ee7aca29529bd5c2500e0d33d7f0b3" logic_hash = "1f40f6c53e13aeb6b44c58f6e048a35cf3fd9fb956f26d70b3fe91bcac340ab5" score = 70 @@ -338811,8 +339313,8 @@ rule SIGNATURE_BASE_CN_Honker_Smsniff_Smsniff : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L648-L663" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L648-L663" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8667a785a8ced76d0284d225be230b5f1546f140" logic_hash = "6949f992d4734f18d9caffe83f2abccca0e0decef4169954518eed078d39e561" score = 70 
@@ -338836,8 +339338,8 @@ rule SIGNATURE_BASE_CN_Honker_Happy_Happy : FILE date = "2015-06-23" modified = "2023-01-27" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L665-L683" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L665-L683" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "92067d8dad33177b5d6c853d4d0e897f2ee846b0" logic_hash = "667cd6629ca49f2200fdc0a5eb28c77c412ca25313fd9a8afb77dedfa66d2fa1" score = 70 @@ -338863,8 +339365,8 @@ rule SIGNATURE_BASE_CN_Honker_T00Ls_Lpk_Sethc_V3_0 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L685-L701" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L685-L701" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fa47c4affbac01ba5606c4862fdb77233c1ef656" logic_hash = "fa65de4a135072f4d9a5d5711a4e2833b9d4a268a2a37c33d17e4546d172b6f1" score = 70 
@@ -338889,8 +339391,8 @@ rule SIGNATURE_BASE_CN_Honker_Netfuke_Netfuke : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L703-L718" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L703-L718" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f89e223fd4f6f5a3c2a2ea225660ef0957fc07ba" logic_hash = "86f6040b743b17fb300498b02a202d1a9090054a30d490f082b116d799c4bdb2" score = 70 @@ -338914,8 +339416,8 @@ rule SIGNATURE_BASE_CN_Honker_Manualinjection : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L720-L735" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L720-L735" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e83d427f44783088a84e9c231c6816c214434526" logic_hash = "fe8eba3b79f5bc4cf820ff51816c3f2a27d6ed8f6ab3963f88a3232c9a4b5c1e" score = 70 
@@ -338939,8 +339441,8 @@ rule SIGNATURE_BASE_CN_Honker_Cncert_Ccdoor_CMD : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L737-L754" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L737-L754" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1c6ed7d817fa8e6534a5fd36a94f4fc2f066c9cd" logic_hash = "3c068c3d21de8c071b3eec354f03423d4902ef0156bb9dcad370cf688bc03426" score = 70 @@ -338966,8 +339468,8 @@ rule SIGNATURE_BASE_CN_Honker_Termsrvhack : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L756-L771" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L756-L771" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1c456520a7b7faf71900c71167038185f5a7d312" logic_hash = "ef0b9965e2d419230a7a8425674edb356347d1e41538d19fc67f8b0fbc69091f" score = 70 
@@ -338991,8 +339493,8 @@ rule SIGNATURE_BASE_CN_Honker_IIS6_Iis6 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L773-L790" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L773-L790" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f0c9106d6d2eea686fd96622986b641968d0b864" logic_hash = "51b2fdae6437d64661f20342711d516201740eceb2273704a6e415be2cac54f6" score = 70 @@ -339018,8 +339520,8 @@ rule SIGNATURE_BASE_CN_Honker_Struts2_Catbox : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L792-L807" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L792-L807" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ee8fbd91477e056aef34fce3ade474cafa1a4304" logic_hash = "20bda5c918ea38810603528a20f3406ec4e79ce999681649e8e806bf549b5359" score = 70 
@@ -339043,8 +339545,8 @@ rule SIGNATURE_BASE_CN_Honker_Getlsasrvaddr : FILE date = "2015-06-23" modified = "2022-12-21" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L809-L826" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L809-L826" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a897d5da98dae8d80f3c0a0ef6a07c4b42fb89ce" logic_hash = "e626724430d0b74aee52783dd5abdb8ccc7b951c56041e5c166b78b7370bc402" score = 70 @@ -339069,8 +339571,8 @@ rule SIGNATURE_BASE_CN_Honker_Ms10048_X64 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L828-L843" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L828-L843" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "418bec3493c85e3490e400ecaff5a7760c17a0d0" logic_hash = "49addce6bef7588bf7683836a54bec6a2a646ecc3f7547083174d2255454cdf0" score = 70 
@@ -339094,8 +339596,8 @@ rule SIGNATURE_BASE_CN_Honker_Logcleaner : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L845-L860" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L845-L860" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ab77ed5804b0394d58717c5f844d9c0da5a9f03e" logic_hash = "3be059627c39e262e7621fce637df21ddcabef91753192cec356f2f8cd58c1a3" score = 70 @@ -339119,8 +339621,8 @@ rule SIGNATURE_BASE_CN_Honker_Shell_Brute_Tool : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L862-L877" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L862-L877" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f6903a15453698c35dce841e4d09c542f9480f01" logic_hash = "723fd18e59c0017b67a035ec7c685169c517d673c2bbc8fe93071b8dbd1e606a" score = 70 
@@ -339144,8 +339646,8 @@ rule SIGNATURE_BASE_CN_Honker_Hxdef100 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L879-L895" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L879-L895" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bf30ccc565ac40073b867d4c7f5c33c6bc1920d6" logic_hash = "49f15482104297f0c57713712a7add49d58007afeefd11151dc5749b755860ba" score = 70 @@ -339170,8 +339672,8 @@ rule SIGNATURE_BASE_CN_Honker_Arp_EMP_V1_0 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L897-L911" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L897-L911" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ae4954c142ad1552a2abaef5636c7ef68fdd99ee" logic_hash = "457035b1685ac7f1bdccaab0b64bb1ad3ca1bf5e0747222347ced2a11b9b9504" score = 70 
@@ -339194,8 +339696,8 @@ rule SIGNATURE_BASE_CN_Honker_Getwebshell : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L913-L930" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L913-L930" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b63b53259260a7a316932c0a4b643862f65ee9f8" logic_hash = "5d6638596607884950e702144416eb6fd3b009c88e4af5f81a50f346d7491c95" score = 70 @@ -339221,8 +339723,8 @@ rule SIGNATURE_BASE_CN_Honker_Cracker_SHELL : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L932-L949" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L932-L949" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c1dc349ff44a45712937a8a9518170da8d4ee656" logic_hash = "03da662e8d5dfbae524c4949d90e143714e6c4783e02600e059172e8b09ebc57" score = 70 
@@ -339248,8 +339750,8 @@ rule SIGNATURE_BASE_CN_Honker_MSTSC_Can_Direct_Copy : FILE date = "2015-06-23" modified = "2022-12-21" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L951-L968" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L951-L968" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2f3cbfd9f82f8abafdb1d33235fa6bfa1e1f71ae" logic_hash = "5437abd979a8df5ee3f8508f7a5fff85714b5d8a22ab1760fe1e7a8168a8c255" score = 70 @@ -339274,8 +339776,8 @@ rule SIGNATURE_BASE_CN_Honker_Lcx_Lcx : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L970-L988" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L970-L988" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0c8779849d53d0772bbaa1cedeca150c543ebf38" logic_hash = "6e81cac14baa9f0ae35eb26f30291cba6f7ef1864f8970b97a3e6e7205d10eb9" score = 70 
@@ -339302,8 +339804,8 @@ rule SIGNATURE_BASE_CN_Honker_Postgresql : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L990-L1005" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L990-L1005" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1ecfaa91aae579cfccb8b7a8607176c82ec726f4" logic_hash = "f6921e7a7c88d70c77fc30dc273aac3679a3c0ab44d4d4706d7a405f16cff6a1" score = 70 @@ -339327,8 +339829,8 @@ rule SIGNATURE_BASE_CN_Honker_Webrobot : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1007-L1023" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1007-L1023" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "af054994c911b4301490344fca4bb19a9f394a8f" logic_hash = "7d7fc9fb9156aa20993dcb809f4e1d3d357f6826dcac7e628dbe6e0f81e5a61a" score = 70 
@@ -339353,8 +339855,8 @@ rule SIGNATURE_BASE_CN_Honker_Baidu_Extractor_Ver1_0 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1025-L1042" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1025-L1042" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "1899f979360e96245d31082e7e96ccedbdbe1413" logic_hash = "cba7357ab3cb840b3b115abe00e1a3a712feb036cae816c8ded10d73029efe2b" score = 70 @@ -339380,8 +339882,8 @@ rule SIGNATURE_BASE_CN_Honker_FTP_Scanning : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1044-L1061" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1044-L1061" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5a3543ee5aed110c87cbc3973686e785bcb5c44e" logic_hash = "5f1c312dc9fa80c120699bacd17d5e4c147ab96f90c619a8c39ec27646a1307f" score = 70 
@@ -339407,8 +339909,8 @@ rule SIGNATURE_BASE_CN_Honker_Dirdown_Dirdown : FILE date = "2015-06-23" modified = "2022-12-21" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1063-L1080" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1063-L1080" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7b8d51c72841532dded5fec7e7b0005855b8a051" logic_hash = "5e8349096b7d07757c3779e13fba87f770a5ef090bc7efe36fd151c7c180edad" score = 70 @@ -339433,8 +339935,8 @@ rule SIGNATURE_BASE_CN_Honker_Xiaokui_Conversion_Tool : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1082-L1098" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1082-L1098" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dccd163e94a774b01f90c1e79f186894e2f27de3" logic_hash = "66a77c1fbfecdc02f591c12f69b46e39b7077dfbb5ed2a26a7dcfb11c8b464dc" score = 70 
@@ -339459,8 +339961,8 @@ rule SIGNATURE_BASE_CN_Honker_Grouppolicyremover : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1100-L1116" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1100-L1116" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7475d694e189b35899a2baa462957ac3687513e5" logic_hash = "936d5dea2d44f638abfb5e42f45c0678bcbf769b575b5056db1a1fc41d1643be" score = 70 @@ -339485,8 +339987,8 @@ rule SIGNATURE_BASE_CN_Honker_Wordpressscanner : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1118-L1135" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1118-L1135" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0b3c5015ba3616cbc616fc9ba805fea73e98bc83" logic_hash = "c6c36ad5ff0ddfbc41464008d293d453bf2d312a6db885217785adf816bd8b20" score = 70 
@@ -339512,8 +340014,8 @@ rule SIGNATURE_BASE_CN_Honker_Htran_V2_40_Htran20 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1137-L1156" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1137-L1156" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b992bf5b04d362ed3757e90e57bc5d6b2a04e65c" logic_hash = "41a85430875df622e7940ef26c6eceaa4e0720b2995521fbb2d4b072207c8e15" score = 70 @@ -339541,8 +340043,8 @@ rule SIGNATURE_BASE_CN_Honker_Dictionarygenerator : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1158-L1173" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1158-L1173" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b3071c64953e97eeb2ca6796fab302d8a77d27bc" logic_hash = "228bdbca3eb206e22a130e91caa2486174efba9356dbee67e80333c0cf0bb643" score = 70 
@@ -339566,8 +340068,8 @@ rule SIGNATURE_BASE_CN_Honker_Ms11080_Withcmd : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1175-L1190" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1175-L1190" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "745e5058acff27b09cfd6169caf6e45097881a49" logic_hash = "1f673f845ad40efae143ec244c7c70d1e26fb51f22be6bf445085c6a7379f193" score = 70 @@ -339591,8 +340093,8 @@ rule SIGNATURE_BASE_CN_Honker_T00Ls_Lpk_Sethc_V2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1192-L1208" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1192-L1208" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a995451d9108687b8892ad630a79660a021d670a" logic_hash = "979f3fe9795798743f2a57aa3b82a34e304774de58ffda5278991cf5a753a8ba" score = 70 
@@ -339617,8 +340119,8 @@ rule SIGNATURE_BASE_CN_Honker_HASH_32 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1210-L1226" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1210-L1226" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "bf4a8b4b3e906e385feab5ea768f604f64ba84ea" logic_hash = "819e70979ae1d5e237bbadaa52b504c566b4b7436747ceb0d72e206e4fc45708" score = 70 @@ -339643,8 +340145,8 @@ rule SIGNATURE_BASE_CN_Honker_Windows_Mstsc_Enhanced_RMDSTC : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1228-L1243" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1228-L1243" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3ca2b1b6f31219baf172abcc8f00f07f560e465f" logic_hash = "de676b033613beebfe9fc5a71cf5f5911f0af35d34e77d56d222c6f00114dfb6" score = 70 
@@ -339668,8 +340170,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_Mstsc_MSTSCAX : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1245-L1261" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1245-L1261" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2fa006158b2d87b08f1778f032ab1b8e139e02c6" logic_hash = "2bfe10ec4af5d0f32fc03714c0cb01d9b0d446daa67cc0cce0b83f6a57e7c5a5" score = 70 @@ -339694,8 +340196,8 @@ rule SIGNATURE_BASE_CN_Honker_T00Ls_Scanner : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1263-L1278" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1263-L1278" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "70b04b910d82b32b90cd7f355a0e3e17dd260cb3" logic_hash = "558abb651ce410520811ca96aaad78710cb9bf597b59ed89d9a678377716d721" score = 70 
@@ -339719,8 +340221,8 @@ rule SIGNATURE_BASE_CN_Honker_Gethashes : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1280-L1296" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1280-L1296" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dc8bcebf565ffffda0df24a77e28af681227b7fe" logic_hash = "fb5ab5e6d8b522caf27478b0589b39d06b96fb0f913673ede768a814836e11f8" score = 70 @@ -339745,8 +340247,8 @@ rule SIGNATURE_BASE_CN_Honker_Hashq_Hashq : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1298-L1314" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1298-L1314" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7518b647db5275e8a9e0bf4deda3d853cc9d5661" logic_hash = "a71ad182f7dd33790e59badfba6149c6dea627858414f0a8f3e64fd3bb2e2a64" score = 70 
@@ -339771,8 +340273,8 @@ rule SIGNATURE_BASE_CN_Honker_Shiftbackdoor_Server : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1316-L1333" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1316-L1333" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b24d761c6bbf216792c4833890460e8b37d86b37" logic_hash = "17f1d7f2345ed1bc9b240c4851f41891244ec9d13b296a24ab6b42cca32ddf87" score = 70 @@ -339798,8 +340300,8 @@ rule SIGNATURE_BASE_CN_Honker_Exp_Win2003 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1335-L1351" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1335-L1351" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "47164c8efe65d7d924753fadf6cdfb897a1c03db" logic_hash = "d1616c53b26eefaa2578efb7defee182e8c88c869cfffb16c8767ddc1869ad46" score = 70 
@@ -339824,8 +340326,8 @@ rule SIGNATURE_BASE_CN_Honker_Interception3389_Setup : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1353-L1371" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1353-L1371" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f5b2f86f8e7cdc00aa1cb1b04bc3d278eb17bf5c" logic_hash = "d3f543683810a985a190cc3ea8edb7bfcd316d56a13d45c6532c488a4536ad0a" score = 70 @@ -339852,8 +340354,8 @@ rule SIGNATURE_BASE_CN_Honker_Cncert_Ccdoor_CMD_2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1373-L1390" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1373-L1390" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7f3a6fb30845bf366e14fa21f7e05d71baa1215a" logic_hash = "8f33f2999eae3f080e8e5ec51ced3e7d596a07b6e5c9830cc1ca552701ed6502" score = 70 
@@ -339879,8 +340381,8 @@ rule SIGNATURE_BASE_CN_Honker_Exp_Ms11046 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1392-L1409" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1392-L1409" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f8414a374011fd239a6c6d9c6ca5851cd8936409" logic_hash = "0496e5c062c1a248b118c2f6009c95bfddf753e5491529d4ec43cfaf1ea0c0c5" score = 70 @@ -339906,8 +340408,8 @@ rule SIGNATURE_BASE_CN_Honker_Master_Beta_1_7 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1411-L1426" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1411-L1426" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3be7a370791f29be89acccf3f2608fd165e8059e" logic_hash = "13c9cc0bf8aaed2ba86baeee6f0b32bf71108dc1350dcffd03e70393fa975c9f" score = 70 
@@ -339931,8 +340433,8 @@ rule SIGNATURE_BASE_CN_Honker_F4Ck_Team_F4Ck_2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1428-L1446" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1428-L1446" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0783661077312753802bd64bf5d35c4666ad0a82" logic_hash = "85c73d480019929eef5951b0395f49cea86dc83b334860e940cc6e36c2d96d3a" score = 70 @@ -339959,8 +340461,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_80_Antifw : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1448-L1466" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1448-L1466" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5fbc75900e48f83d0e3592ea9fa4b70da72ccaa3" logic_hash = "5e940406b713458ae7168d4e140f15a262b7f0834d29db9c88f1f04bedb41e43" score = 70 
@@ -339987,8 +340489,8 @@ rule SIGNATURE_BASE_CN_Honker_Wwwscan_Gui : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1468-L1483" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1468-L1483" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "897b66a34c58621190cb88e9b2a2a90bf9b71a53" logic_hash = "9c25cf33fc2f675c8db7b24f2abe03d54c0ae17927e0ca9ccd3e5b97ffc56f73" score = 70 @@ -340012,8 +340514,8 @@ rule SIGNATURE_BASE_CN_Honker_Swordcolledition : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1485-L1500" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1485-L1500" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6e14f21cac6e2aa7535e45d81e8d1f6913fd6e8b" logic_hash = "bbc5c9bb91bdd60582e2d7f6fa9b1a1cc3799e0809b670d575d9b2c77bf5e884" score = 70 
@@ -340037,8 +340539,8 @@ rule SIGNATURE_BASE_CN_Honker_Hconstfportable : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1502-L1517" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1502-L1517" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "00253a00eadb3ec21a06911a3d92728bbbe80c09" logic_hash = "d4368994d38b87a4c0a53321a468fa8a72411ccb17befa0bbc62bdd6de9e1a52" score = 70 @@ -340062,8 +340564,8 @@ rule SIGNATURE_BASE_CN_Honker_T00Ls_Lpk_Sethc_V3_LPK : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1519-L1536" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1519-L1536" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cf2549bbbbdb7aaf232d9783873667e35c8d96c1" logic_hash = "20e949bef1c1631ef2a48c78c2ccc4dcea2f842275ec5df3e31c5d915e8a2a04" score = 70 
@@ -340089,8 +340591,8 @@ rule SIGNATURE_BASE_CN_Honker_Without_A_Trace_Wywz : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1538-L1554" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1538-L1554" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f443c43fde643228ee95def5c8ed3171f16daad8" logic_hash = "0f6ca7d44312afef49d3094af7b33af5e41f4531e7e7f9f37cf050700755bb3e" score = 70 @@ -340115,8 +340617,8 @@ rule SIGNATURE_BASE_CN_Honker_LPK2_0_LPK : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1556-L1573" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1556-L1573" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5a1226e73daba516c889328f295e728f07fdf1c3" logic_hash = "d693b880d5419277d9189d44ace60fe5f328b4662c1975a8bc97e63dc073d1e6" score = 70 
@@ -340142,8 +340644,8 @@ rule SIGNATURE_BASE_CN_Honker_Cleaniis : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1575-L1590" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1575-L1590" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "372bc64c842f6ff0d9a1aa2a2a44659d8b88cb40" logic_hash = "6f3fe22c9ce8b576116a3fc185910488f37b687c1158d49a93feaa68a144a8db" score = 70 @@ -340167,8 +340669,8 @@ rule SIGNATURE_BASE_CN_Honker_Arp3_7_Arp3_7 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1592-L1607" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1592-L1607" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "db641a9dfec103b98548ac7f6ca474715040f25c" logic_hash = "9930d5f13c4dc5cae25dece811911e71e858e3fef51a09c99883699e7feb4908" score = 70 
@@ -340192,8 +340694,8 @@ rule SIGNATURE_BASE_CN_Honker_Exp_Ms11080 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1609-L1624" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1609-L1624" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f0854c49eddf807f3a7381d3b20f9af4a3024e9f" logic_hash = "57eb1cdd1108c82da399b0aa869edc9e377e0185896504716bec8925599c07f0" score = 70 @@ -340217,8 +340719,8 @@ rule SIGNATURE_BASE_CN_Honker_Injection_Transit : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1626-L1642" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1626-L1642" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f4fef2e3d310494a3c3962a49c7c5a9ea072b2ea" logic_hash = "3e6fe804b9b6e8555c847a165bb0a8b266004653531fe8f11e3937108757f2ff" score = 70 
@@ -340243,8 +340745,8 @@ rule SIGNATURE_BASE_CN_Honker_Safe3Wvs : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1644-L1662" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1644-L1662" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fee3acacc763dc55df1373709a666d94c9364a7f" logic_hash = "803591fa9427c3001f78ae6274076f3a2f070770d568909d6cba8cee5124ee4c" score = 70 @@ -340271,8 +340773,8 @@ rule SIGNATURE_BASE_CN_Honker_NBSI_3_0 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1664-L1681" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1664-L1681" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "93bf0f64bec926e9aa2caf4c28df9af27ec0e104" logic_hash = "017b5f76a3168089f3186134e7a4c0352158bb866228776240f0d014834e6ee0" score = 70 
@@ -340298,8 +340800,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_Dubrute_V3_0_RC3_2_0 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1683-L1699" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1683-L1699" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e8ee982421ccff96121ffd24a3d84e3079f3750f" logic_hash = "8c9be7e8cc04eba6b131acc3c85ac48d7663260a2e4064ad55ed8f40e0875cf4" score = 70 @@ -340324,8 +340826,8 @@ rule SIGNATURE_BASE_CN_Honker_Hkmjjiis6 : FILE date = "2015-06-23" modified = "2023-01-27" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1701-L1718" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1701-L1718" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4cbc6344c6712fa819683a4bd7b53f78ea4047d7" logic_hash = "a087b9731444152b717e0fbae557004d94f3fb69a4ec65aa38b7a3dab3e3cddf" score = 70 
@@ -340350,8 +340852,8 @@ rule SIGNATURE_BASE_CN_Honker_Clearlogs : FILE date = "2015-06-23" modified = "2023-01-27" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1720-L1736" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1720-L1736" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "490f3bc318f415685d7e32176088001679b0da1b" logic_hash = "ed961d2850ba86743177976a4516e7d4a8b90b7e8f180c03f5dbbcc794ad1084" score = 70 @@ -340375,8 +340877,8 @@ rule SIGNATURE_BASE_CN_Honker_No_Net_Priv_Esc_Adduser : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1738-L1754" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1738-L1754" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4c95046be6ae40aee69a433e9a47f824598db2d4" logic_hash = "743e67e2aa95830034db1afda1f346c30467c7b59e030ed27415e5127013be74" score = 70 
@@ -340401,8 +340903,8 @@ rule SIGNATURE_BASE_CN_Honker_Injection : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1756-L1771" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1756-L1771" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3484ed16e6f9e0d603cbc5cb44e46b8b7e775d35" logic_hash = "8de3e59bd118fbbf1a012c6bfb358dba7c8fb758e3ac17277f2ad3a92c0284ba" score = 70 @@ -340426,8 +340928,8 @@ rule SIGNATURE_BASE_CN_Honker_Sqlserver_Inject_Creaked : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1773-L1788" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1773-L1788" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "af3c41756ec8768483a4cf59b2e639994426e2c2" logic_hash = "2a7e913a4b7bb6c1270d862108eae7ed3998114b672ca7fa19bd0b199fc27dc2" score = 70 
@@ -340451,8 +340953,8 @@ rule SIGNATURE_BASE_CN_Honker_Webscan_Webscan : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1790-L1805" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1790-L1805" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a0b0e2422e0e9edb1aed6abb5d2e3d156b7c8204" logic_hash = "a714fe90dce33180b8074e2c3a16fc1829ed2a7b387eb92aec8a147cff9e57a4" score = 70 @@ -340476,8 +340978,8 @@ rule SIGNATURE_BASE_CN_Honker_Gethashes_2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1807-L1823" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1807-L1823" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "35ae9ccba8d607d8c19a065cf553070c54b091d8" logic_hash = "778fde2c59d4523142c0ac5b5c953c9eedbbf3c00b406541c00c1aa1f1a9cc58" score = 70 
@@ -340502,8 +341004,8 @@ rule SIGNATURE_BASE_SUSP_Patcher_Keygen_Indicators_Jun15 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1825-L1841" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1825-L1841" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e32f5de730e324fb386f97b6da9ba500cf3a4f8d" logic_hash = "07735c380cf34aaabd5cc0e1b38e32b3d4ad86b7bb184188d446df537f66775e" score = 70 @@ -340528,8 +341030,8 @@ rule SIGNATURE_BASE_CN_Honker_Tuoku_Script_Oracle_2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1843-L1858" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1843-L1858" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "865dd591b552787eda18ee0ab604509bae18c197" logic_hash = "627d81323266d67a2402367918b4f6e7277367c3eb027af57ac6966f2a49472c" score = 70 
@@ -340553,8 +341055,8 @@ rule SIGNATURE_BASE_CN_Honker_Net_Packet_Capt : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1860-L1878" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1860-L1878" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2d45a2bd9e74cf14c1d93fff90c2b0665f109c52" logic_hash = "b158199a27f1260da5f5c1a8e99bb1cc3d19fe2a10577cc5932f097ff39d4ef8" score = 70 @@ -340581,8 +341083,8 @@ rule SIGNATURE_BASE_CN_Honker_Cleaniislog : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1880-L1894" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1880-L1894" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "827cd898bfe8aa7e9aaefbe949d26298f9e24094" logic_hash = "35b428d6178196b0dc6ac2ea3f0ee1dfbf6a98ead2356cb2a35d3d6b780538cc" score = 70 
@@ -340605,8 +341107,8 @@ rule SIGNATURE_BASE_CN_Honker_HASH_Pwhash : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1896-L1911" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1896-L1911" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "689056588f95749f0382d201fac8f58bac393e98" logic_hash = "a77ae11c35dac3cfb1a2970460d4883feed7fbd3e8a860fa7facaad7ddcd1182" score = 70 @@ -340630,8 +341132,8 @@ rule SIGNATURE_BASE_CN_Honker_Cleaner_Cl_2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1913-L1928" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1913-L1928" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "523084e8975b16e255b56db9af0f9eecf174a2dd" logic_hash = "865354152f8441009aaad9022f64c3a014c4df0549b648d66959df56893ab98a" score = 70 
@@ -340655,8 +341157,8 @@ rule SIGNATURE_BASE_CN_Honker_Sqlmap_Python_Run : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1930-L1946" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1930-L1946" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a51479a1c589f17c77d22f6cf90b97011c33145f" logic_hash = "86d53a06e2f71b7ce7785c4c8ac017a4552b40c16d64474db4e22dbe1afd9e52" score = 70 @@ -340681,8 +341183,8 @@ rule SIGNATURE_BASE_CN_Honker_Saminside : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1948-L1963" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1948-L1963" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "707ba507f9a74d591f4f2e2f165ff9192557d6dd" logic_hash = "8f095a554121e16b63fdd8d47d957665aed7a2a5885813fa78bc4cee3b8923d3" score = 70 
@@ -340706,8 +341208,8 @@ rule SIGNATURE_BASE_CN_Honker_Webscan_Wwwscan : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1965-L1981" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1965-L1981" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6dbffa916d0f0be2d34c8415592b9aba690634c7" logic_hash = "9d2eee1c1783a08a2eae86d4ea77bdb67db8cf0055a24d88ea09411e63018e8c" score = 70 @@ -340732,8 +341234,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_2_3389 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L1983-L1999" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L1983-L1999" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "48d1974215e5cb07d1faa57e37afa91482b5a376" logic_hash = "97e2a08dd391de44fc01c44ca6463aa009e93ad199a330eb99aaa809f14f2ef0" score = 70 
@@ -340758,8 +341260,8 @@ rule SIGNATURE_BASE_CN_Honker_PHP_Php11 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2001-L2017" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2001-L2017" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "dcc8226e7eb20e4d4bef9e263c14460a7ee5e030" logic_hash = "d32b0540521a6b1d65c224bdee463813d72846c26f27326a092bdf3b90c3ae7c" score = 70 @@ -340784,8 +341286,8 @@ rule SIGNATURE_BASE_CN_Honker_Webcruiserwvs : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2019-L2034" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2019-L2034" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6c90a9ed4c8a141a343dab1b115cc840a7190304" logic_hash = "dd37765488f07299048e9b8fc552120e76d628e0adcaf474fce9bfe60774a0c8" score = 70 
@@ -340809,8 +341311,8 @@ rule SIGNATURE_BASE_CN_Honker_Hookmsgina : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2036-L2053" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2036-L2053" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f4d9b329b45fbcf6a3b9f29f2633d5d3d76c9f9d" logic_hash = "1e268624a5f8df200ef1a03ce167f38feda59836a864e17297473ba223c5895a" score = 70 @@ -340836,8 +341338,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_Xp3389 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2055-L2071" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2055-L2071" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d776eb7596803b5b94098334657667d34b60d880" logic_hash = "7fd7947a802a65dfd63ece3fc6eaf2da8207e99276a9f6b1ff2c937cf4327945" score = 70 
@@ -340862,8 +341364,8 @@ rule SIGNATURE_BASE_CN_Honker_Cookiesview : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2073-L2089" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2073-L2089" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "c54e1f16d79066edfa0f84e920ed1f4873958755" logic_hash = "9711bb15f08c18ba068325d1cca0ded8e252ded4ceddfb134d1317ad8a19fbe8" score = 70 @@ -340888,8 +341390,8 @@ rule SIGNATURE_BASE_CN_Honker_T00Ls_Lpk_Sethc_V4_LPK : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2091-L2108" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2091-L2108" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2b2ab50753006f62965bba83460e3960ca7e1926" logic_hash = "a7382d61b53706ad51b36bc686a1c3f0018ee111bdc8ae9b05af144230dfbba3" score = 70 
@@ -340915,8 +341417,8 @@ rule SIGNATURE_BASE_CN_Honker_Scanhistory : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2110-L2126" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2110-L2126" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "14c31e238924ba3abc007dc5a3168b64d7b7de8d" logic_hash = "657a25b5103799446fa88abda39d36a05e080c18d41e9dd98199b506f2bfc419" score = 70 @@ -340941,8 +341443,8 @@ rule SIGNATURE_BASE_CN_Honker_Invasionerasor : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2128-L2146" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2128-L2146" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b37ecd9ee6b137a29c9b9d2801473a521b168794" logic_hash = "d2f742693682e9409284706a3eb63536a576cb162629bf76bfabf2e0210984a3" score = 70 
@@ -340969,8 +341471,8 @@ rule SIGNATURE_BASE_CN_Honker_Super_Injection1 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2148-L2164" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2148-L2164" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8ff2df40c461f6c42b92b86095296187f2b59b14" logic_hash = "11a3628b7c34a34dc37604430195e24063d3f0dd0889d6d782ce0ee42cafbb02" score = 70 @@ -340995,8 +341497,8 @@ rule SIGNATURE_BASE_CN_Honker_Pk_Pker : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2166-L2186" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2166-L2186" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "631787f27f27c46f79e58e1accfcc9ecfb4d3a2f" logic_hash = "ea29bc82131751f0aaa4f10cc7576a27d243fb7dade03db7ae3dcb029b306505" score = 70 
@@ -341025,8 +341527,8 @@ rule SIGNATURE_BASE_CN_Honker_Getpass_Getpass : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2188-L2204" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2188-L2204" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d18d952b24110b83abd17e042f9deee679de6a1a" logic_hash = "90d802da512f5d460eda6d644660711601d361e2402522d085d3225931a3fca3" score = 70 @@ -341052,8 +341554,8 @@ rule SIGNATURE_BASE_CN_Honker_F4Ck_Team_Blackmoon_Jun15 : FILE modified = "2023-12-05" old_rule_name = "CN_Honker_F4ck_Team_f4ck_3" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2206-L2227" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2206-L2227" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7e3bf9b26df08cfa10f10e2283c6f21f5a3a0014" logic_hash = "85db31c6bca6e5ddd45168a3adbc382d5a9e8128e0b2a6ed5efe1a2fcd42ff3d" score = 70 
@@ -341082,8 +341584,8 @@ rule SIGNATURE_BASE_CN_Honker_F4Ck_Team_F4Ck_3 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2229-L2248" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2229-L2248" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0b3e9381930f02e170e484f12233bbeb556f3731" logic_hash = "870d22be85da127b3ebfd3f8ec547b6ad1cdc8048b56aea494e8d2643bd61d77" score = 70 @@ -341111,8 +341613,8 @@ rule SIGNATURE_BASE_CN_Honker_ACCESS_Brute : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2250-L2268" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2250-L2268" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f552e05facbeb21cb12f23c34bb1881c43e24c34" logic_hash = "5bd0cbb1c2f5863ef1365dc115c736ade05c290cd6fa09a24c2d344314b522cb" score = 70 
@@ -341139,8 +341641,8 @@ rule SIGNATURE_BASE_CN_Honker_Fpipe_Fpipe : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2270-L2286" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2270-L2286" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a2c51c6fa93a3dfa14aaf31fb1c48a3a66a32d11" logic_hash = "bde46f2508dc82f91e39cc7bd88960e836522b068546ce65ebc07db69b3d4493" score = 50 @@ -341165,8 +341667,8 @@ rule SIGNATURE_BASE_CN_Honker_Layer_Layer : FILE date = "2015-06-23" modified = "2022-12-21" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2288-L2305" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2288-L2305" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0f4f27e842787cb854bd61f9aca86a63f653eb41" logic_hash = "03e2d875de6dc45a0cede55071c071944c4cdf4610f52fe4a21f6dd5dedac41d" score = 70 
@@ -341191,8 +341693,8 @@ rule SIGNATURE_BASE_CN_Honker_Ms10048_X86 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2307-L2321" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2307-L2321" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e57b453966e4827e2effa4e153f2923e7d058702" logic_hash = "2f67b3be31b1d1eb420b40ec291db7271acd692af9f061d5db17415685cf7546" score = 70 @@ -341215,8 +341717,8 @@ rule SIGNATURE_BASE_CN_Honker_Htran2_4 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2323-L2338" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2323-L2338" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "524f986692f55620013ab5a06bf942382e64d38a" logic_hash = "dd1332d3dca12513b1f8a1d10148f6fa2eb7cc809ac7cf6f4dcc9090746718b5" score = 70 
@@ -341240,8 +341742,8 @@ rule SIGNATURE_BASE_CN_Honker_Skinhrootkit_Skinh : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2340-L2356" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2340-L2356" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d593f03ae06e54b653c7850c872c0eed459b301f" logic_hash = "97314a8c908c714c39ea8962c87709fdc422c3e2998a2b1694950fa127204335" score = 70 @@ -341266,8 +341768,8 @@ rule SIGNATURE_BASE_CN_Honker__Postgresql_Mysql_Injectv1_1_Creak_Oracle_Sqlserve date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2358-L2378" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2358-L2378" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ed809a5fb35d36b2a8758e470657bda1a04d80577d5129962cd7d0ab9a80cf8a" score = 70 quality = 85 
@@ -341296,8 +341798,8 @@ rule SIGNATURE_BASE_CN_Honker__Wwwscan_Wwwscan_Wwwscan_Gui : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2380-L2398" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2380-L2398" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0fd6ab38dca839605c1b7cd51a4a8d3268551f0725ccee7c7521f13d6f9e7076" score = 70 quality = 85 @@ -341324,8 +341826,8 @@ rule SIGNATURE_BASE_CN_Honker__LPK_LPK_LPK : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2400-L2421" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2400-L2421" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0309241ed0e899519cf3edd1544a14d09fff4a8162514ae49b3a6b70eda1ed4f" score = 70 quality = 85 
@@ -341355,8 +341857,8 @@ rule SIGNATURE_BASE_CN_Honker__Builder_Shift_Skinh : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2423-L2444" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2423-L2444" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d15802df98d72b4ef3bac2dfb8ba3338c540ef7290d7ddf9738cf0f7b86e17ea" score = 70 quality = 85 @@ -341386,8 +341888,8 @@ rule SIGNATURE_BASE_CN_Honker__Lcx_Htran2_4_Htran20 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2446-L2465" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2446-L2465" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "30184394ad3ec7bf209bb0a22da889699bac6167ecc09e693c88f8643c754394" score = 70 quality = 85 
@@ -341415,8 +341917,8 @@ rule SIGNATURE_BASE_CN_Honker__D_Injection_V2_32_D_Injection_V2_32_D_Injection_V date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_tools.yar#L2467-L2488" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_tools.yar#L2467-L2488" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5c318c670b3aedf66da1c6444df7d630d2263e88527facfcf75d76dd974e7d31" score = 70 quality = 85 @@ -341446,8 +341948,8 @@ rule SIGNATURE_BASE_Tofu_Backdoor date = "2017-02-28" modified = "2023-12-05" reference = "https://www.cylance.com/en_us/blog/the-deception-project-a-new-japanese-centric-threat.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ham_tofu_chches.yar#L11-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ham_tofu_chches.yar#L11-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "67c49456dbe4dc4c8bc54139ce6d493ea5588392d8c64010d029d7a63ac7f976" score = 75 quality = 85 
@@ -341471,8 +341973,8 @@ rule SIGNATURE_BASE_SUSP_Unsigned_Googleupdate : FILE date = "2019-08-05" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_google_anomaly.yar#L3-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_google_anomaly.yar#L3-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5e333ac773927e2ed1f6aa4d6bbcb63d67bcc8d18d732a84bb68cb503469b247" score = 60 quality = 85 @@ -341498,8 +342000,8 @@ rule SIGNATURE_BASE_Hdroot_Sample_Jul17_1 : FILE date = "2017-07-07" modified = "2023-12-05" reference = "Winnti HDRoot VT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_winnti_hdroot.yar#L11-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_winnti_hdroot.yar#L11-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "41127e6d70af4b095555285f3d5570fc4dbe2a7918664502057cdc4fed8fab33" score = 75 quality = 85 
@@ -341524,8 +342026,8 @@ rule SIGNATURE_BASE_Hdroot_Sample_Jul17_2 : FILE date = "2017-07-07" modified = "2023-12-05" reference = "Winnti HDRoot VT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_winnti_hdroot.yar#L28-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_winnti_hdroot.yar#L28-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "94288abb5c4da7c4b07eeae55070797af1556dac35ad012aff1bbe8c05e0a215" score = 75 quality = 85 @@ -341568,8 +342070,8 @@ rule SIGNATURE_BASE_Unspecified_Malware_Jul17_1A : FILE date = "2017-07-07" modified = "2023-12-05" reference = "Winnti HDRoot VT" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_winnti_hdroot.yar#L66-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_winnti_hdroot.yar#L66-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e23af53be3e700055ea6536669065c131e7f674d45e43a389447c8c1f549dee5" score = 75 quality = 85 
@@ -341597,8 +342099,8 @@ rule SIGNATURE_BASE_SUSP_Adobepdf_SFX_Bitmap_Combo_Executable : FILE date = "2020-11-02" modified = "2023-12-05" reference = "https://mp.weixin.qq.com/s/3Pa3hiuZyQBspDzH0kGSHw" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_icon_anomalies.yar#L3-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_icon_anomalies.yar#L3-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ac515d698507be6085684a6ec4622c6f3c26d0c3a0d94cbbeacfab7dfb9fe135" score = 60 quality = 85 @@ -341638,8 +342140,8 @@ rule SIGNATURE_BASE_SUSP_Adobepdf_Bitmap_Executable : FILE date = "2020-11-02" modified = "2023-12-05" reference = "https://mp.weixin.qq.com/s/3Pa3hiuZyQBspDzH0kGSHw" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_icon_anomalies.yar#L39-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_icon_anomalies.yar#L39-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a8ef5ce2e876565c7d6367ce555d00bd3535699f1907f867811f2f6749672c67" score = 60 quality = 85 
@@ -341673,8 +342175,8 @@ rule SIGNATURE_BASE_SUSP_Office_Dropper_Strings : FILE date = "2018-09-13" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_office_dropper.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_office_dropper.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3a66a86eb99a3e7cd02e3444714c6c88b423cd0ea1e6210bf91da01cf804105f" score = 65 quality = 85 @@ -341699,8 +342201,8 @@ rule SIGNATURE_BASE_SUSP_Enablecontent_String_Gen : FILE date = "2019-02-12" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_office_dropper.yar#L19-L40" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_office_dropper.yar#L19-L40" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cde995ab0486fdafdc98e36c28a1f786ee7485387158f7337acd5f7dd0e3fed1" score = 65 quality = 85 
@@ -341725,8 +342227,8 @@ rule SIGNATURE_BASE_SUSP_Worddoc_VBA_Macro_Strings : FILE date = "2019-02-12" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_office_dropper.yar#L42-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_office_dropper.yar#L42-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "441e4a8e90d6045d0ad6a959ce56e834960c48083343add8e4f519f4b83bc82d" score = 60 quality = 85 @@ -341755,8 +342257,8 @@ rule SIGNATURE_BASE_SUSP_Officedoc_VBA_Base64Decode : FILE date = "2019-06-21" modified = "2023-12-05" reference = "https://github.com/cpaton/Scripting/blob/master/VBA/Base64.bas" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_office_dropper.yar#L65-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_office_dropper.yar#L65-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1fb094c9991f93e9d1003832dc11a58efa8281e9fe844e61e27dfd077f55ad39" score = 70 quality = 85 
@@ -341780,8 +342282,8 @@ rule SIGNATURE_BASE_SUSP_VBA_Filesystem_Access : FILE date = "2019-06-21" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_office_dropper.yar#L82-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_office_dropper.yar#L82-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "13d7e0708968a7700308e6216ea5d0a396f9335137ae1e33c3b34a2f54012ec6" score = 60 quality = 85 @@ -341807,8 +342309,8 @@ rule SIGNATURE_BASE_SUSP_Excel_IQY_Remoteuri_Syntax : FILE date = "2018-08-17" modified = "2023-11-25" reference = "https://twitter.com/ItsReallyNick/status/1030330473954897920" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_office_dropper.yar#L102-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_office_dropper.yar#L102-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7033b0a4226dd289ecc670a0807e4159dd4486f52bc80a6b5ddd34d6961ab163" score = 55 quality = 85 
@@ -341830,8 +342332,8 @@ rule SIGNATURE_BASE_SUSP_Macro_Sheet_Obfuscated_Char : FILE date = "2020-04-07" modified = "2023-12-05" reference = "https://twitter.com/DissectMalware/status/1247595433305800706" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_office_dropper.yar#L122-L139" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_office_dropper.yar#L122-L139" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0953d1f916df570cb3d053bf4fdac196bdbd806df4b6c0a982ed9949a3676e6c" score = 65 quality = 85 @@ -341857,8 +342359,8 @@ rule SIGNATURE_BASE_MAL_CRIME_Suspicious_Hex_String_Jun21_1 : CRIME PE FILE date = "2021-06-04" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_crime_unknown.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_crime_unknown.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "73144b14f3aa1a1d82df7710fa47049426bfbddeef75e85c8a0a559ad6ed05a3" score = 65 quality = 85 
@@ -341884,8 +342386,8 @@ rule SIGNATURE_BASE_MAL_CRIME_Unknown_LNK_Jun21_1 : LNK POWERSHELL FILE date = "2021-06-04" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_crime_unknown.yar#L18-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_crime_unknown.yar#L18-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "460e764cbd9fbfa1a2156059d0042a0bea5a939d501050a733a789d236015d37" score = 75 quality = 85 @@ -341911,8 +342413,8 @@ rule SIGNATURE_BASE_MAL_CRIME_Unknown_ISO_Jun21_1 : ISO POWERSHELL LNK FILE date = "2021-06-04" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_crime_unknown.yar#L35-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_crime_unknown.yar#L35-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "49b61f498d3f4ee249d9687277e581a39e08ebb4e1a293170058fb5f770bde1f" score = 75 quality = 85 
@@ -341939,8 +342441,8 @@ rule SIGNATURE_BASE_MAL_Hogfish_Report_Related_Sample : FILE date = "2018-05-01" modified = "2023-12-05" reference = "https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt10_redleaves.yar#L13-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt10_redleaves.yar#L13-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bff74f7a72a3e40e828284ed37b2f7ea64d8df52e946372d38e379d9b7b7a445" score = 75 quality = 85 @@ -341966,8 +342468,8 @@ rule SIGNATURE_BASE_MAL_Redleaves_Apr18_1 : FILE date = "2018-05-01" modified = "2023-12-05" reference = "https://www.accenture.com/t20180423T055005Z__w__/se-en/_acnmedia/PDF-76/Accenture-Hogfish-Threat-Analysis.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt10_redleaves.yar#L33-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt10_redleaves.yar#L33-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e34b95e96de88aef20050b6b9580600365284117918c24f76c884b089fa20623" score = 75 quality = 85 
@@ -341988,8 +342490,8 @@ rule SIGNATURE_BASE_MAL_UNC2891_Slapstick : FILE date = "2022-03-30" modified = "2023-01-05" reference = "https://github.com/fboldewin/YARA-rules/tree/master" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_unc2891_mal_jan23.yar#L19-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_unc2891_mal_jan23.yar#L19-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4bc51a47a1b620c3bb950c287c38a37e528e79f9720fb4d9fa9ebecbeca82036" score = 75 quality = 85 @@ -342016,8 +342518,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Darkbit_Feb23_1 : FILE date = "2023-02-13" modified = "2023-12-05" reference = "https://twitter.com/idonaor1/status/1624703255770005506?s=12&t=mxHaauzwR6YOj5Px8cIeIw" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ransom_darkbit_feb23.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ransom_darkbit_feb23.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ba1baea7cb7362160c4b00b0355000a789b238c1ec82b840479c04028e6ca3ab" score = 75 quality = 85 
@@ -342042,8 +342544,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Darkbit_Feb23_2 : FILE date = "2023-02-13" modified = "2023-12-05" reference = "https://www.hybrid-analysis.com/sample/9107be160f7b639d68fe3670de58ed254d81de6aec9a41ad58d91aa814a247ff?environmentId=160" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ransom_darkbit_feb23.yar#L25-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ransom_darkbit_feb23.yar#L25-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "577435536300902811612a3415e82420574c98345b91b21fb2bfd2bfde396bec" score = 75 quality = 85 @@ -342070,8 +342572,8 @@ rule SIGNATURE_BASE_APT_Nazar_Svchost_Commands date = "2020-04-26" modified = "2023-12-05" reference = "https://www.epicturla.com/blog/the-lost-nazar" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nazar.yar#L1-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nazar.yar#L1-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c71e8a3b2d69c51ed3f822f62b90906fc0a21d32f1f1850cdef71c335964f9b1" score = 75 quality = 85 
@@ -342098,8 +342600,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Robinhood_May19_1 : FILE date = "2019-05-15" modified = "2023-12-05" reference = "https://twitter.com/BThurstonCPTECH/status/1128489465327030277" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_robinhood.yar#L2-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_robinhood.yar#L2-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5eef71b94f2488dceff80ec2daba689c12d13b2742ba9ae5ead58711339d6026" score = 75 quality = 85 @@ -342128,8 +342630,8 @@ rule SIGNATURE_BASE_Hiddencobra_Rule_1 date = "2017-06-13" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-164A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hidden_cobra.yar#L11-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hidden_cobra.yar#L11-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e8bb844d72b7d7564caec0d0842889000c77611eeb24ac5c5cb35072a92c9d10" score = 75 quality = 85 
@@ -342157,8 +342659,8 @@ rule SIGNATURE_BASE_Hiddencobra_Rule_3 date = "2017-06-13" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-164A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hidden_cobra.yar#L52-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hidden_cobra.yar#L52-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6c0e385e46fe9d6cde7d2bc8ef059cfd8c33ef5b17e9fcd7cea97863fb8d2c24" score = 75 quality = 85 @@ -342198,8 +342700,8 @@ rule SIGNATURE_BASE_APT_Hiddencobra_Ghostsecret_1 : FILE date = "2018-08-11" modified = "2023-12-05" reference = "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hidden_cobra.yar#L87-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hidden_cobra.yar#L87-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b1e72ca66520152b444cc415bdf54921ebba9671519d3b0327316cee2bf0ba1d" score = 75 quality = 85 
@@ -342223,8 +342725,8 @@ rule SIGNATURE_BASE_APT_Hiddencobra_Ghostsecret_2 : FILE date = "2018-08-11" modified = "2023-12-05" reference = "https://securingtomorrow.mcafee.com/mcafee-labs/analyzing-operation-ghostsecret-attack-seeks-to-steal-data-worldwide/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hidden_cobra.yar#L103-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hidden_cobra.yar#L103-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "878711f5e1a8a3cfefdaf13fc08a4778fba9d2f729248784cf72b610c8bc5e17" score = 75 quality = 85 @@ -342250,8 +342752,8 @@ rule SIGNATURE_BASE_APT_MAL_HOPLIGHT_NK_Hiddencobra_Apr19_1 : FILE date = "2019-04-13" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/analysis-reports/AR19-100A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hidden_cobra.yar#L124-L137" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hidden_cobra.yar#L124-L137" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6cd036129ea54f4e3a2c52bf9ebd04e2d368e737cf83ca34a8feb79ea477a3af" score = 75 quality = 85 
@@ -342274,8 +342776,8 @@ rule SIGNATURE_BASE_APT_MAL_HOPLIGHT_NK_Hiddencobra_Apr19_2 : FILE date = "2019-04-13" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/analysis-reports/AR19-100A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hidden_cobra.yar#L139-L154" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hidden_cobra.yar#L139-L154" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "741d69b470ac230d502116ebd5f09bbf4bdbbbdd7e70b97a4bd5d3f2c8e148ef" score = 75 quality = 85 @@ -342300,8 +342802,8 @@ rule SIGNATURE_BASE_APT_MAL_HOPLIGHT_NK_Hiddencobra_Apr19_3 : FILE date = "2019-04-13" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/analysis-reports/AR19-100A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_hidden_cobra.yar#L156-L185" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_hidden_cobra.yar#L156-L185" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5cbdf0c4c5025bc1d95d27a32fa69efb329e8f74243646a31458fea225d21875" score = 75 quality = 85 
@@ -342336,8 +342838,8 @@ rule SIGNATURE_BASE_MAL_CMD_Script_Obfuscated_Feb19_1 : FILE date = "2019-03-01" modified = "2023-12-05" reference = "https://twitter.com/DbgShell/status/1101076457189793793" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_cmd_script_obfuscated.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_cmd_script_obfuscated.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "71c8831686796c921674ec293b5bdf2c42ae9069b258c85c9e0ca6a7f972daf8" score = 75 quality = 85 @@ -342360,8 +342862,8 @@ rule SIGNATURE_BASE_SUSP_VHD_Suspicious_Small_Size : FILE date = "2019-12-21" modified = "2023-01-27" reference = "https://twitter.com/MeltX0R/status/1208095892877774850" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_vhd_anomaly.yar#L2-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_vhd_anomaly.yar#L2-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0bd5b113714854feaa89d52d4bab6a4a00f0dcb7fd816fa7b036eb43d3ea0dd8" score = 50 quality = 83 
@@ -342389,8 +342891,8 @@ rule SIGNATURE_BASE_Deeppanda_Sl_Txt_Packed date = "2015-02-08" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_deeppanda.yar#L3-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_deeppanda.yar#L3-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ffb1d8ea3039d3d5eb7196d27f5450cac0ea4f34" logic_hash = "37f875dcb2c920278c2625085c97a9dcce1907198409595a10e6a3fbce767f35" score = 75 @@ -342420,8 +342922,8 @@ rule SIGNATURE_BASE_Deeppanda_Lot1 date = "2015-02-08" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_deeppanda.yar#L24-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_deeppanda.yar#L24-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5d201a0fb0f4a96cefc5f73effb61acff9c818e1" logic_hash = "92169a1288f30dc6008e1a8c9b2b700f878c90aa09634e36fea586e19657dbd1" score = 75 
@@ -342457,8 +342959,8 @@ rule SIGNATURE_BASE_Deeppanda_Htran_Exe date = "2015-02-08" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_deeppanda.yar#L51-L70" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_deeppanda.yar#L51-L70" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "38e21f0b87b3052b536408fdf59185f8b3d210b9" logic_hash = "9ac5ddc53d3d5292acb3dcf68e66bc3f6ab4b8e61a71597dd84454adc516f95d" score = 75 @@ -342488,8 +342990,8 @@ rule SIGNATURE_BASE_Deeppanda_Trojan_Kakfum date = "2015-02-08" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_deeppanda.yar#L72-L90" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_deeppanda.yar#L72-L90" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0710edea973dce6f5feccf2e7e508cd5f65aa451e0bb5aca503778ffe2363401" score = 75 quality = 60 
@@ -342518,8 +343020,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_OWASSRF_Powershell_Proxy_Log_Dec22_1 date = "2022-12-22" modified = "2023-12-05" reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxynotshell_owassrf_dec22.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxynotshell_owassrf_dec22.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1e8f5a3440f8b4b1850fddbd19f63796ad0f28178c678e9f464b7e4ab5ca944f" score = 70 quality = 85 @@ -342545,11 +343047,11 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_OWASSRF_Powershell_Proxy_Log_Dec22_2 date = "2022-12-22" modified = "2023-12-05" reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxynotshell_owassrf_dec22.yar#L24-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxynotshell_owassrf_dec22.yar#L24-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "73ce86b7a673719c916666fa06963b774edad5b2cd804994614afd83ea75ecef" score = 60 - quality = 60 + quality = 85 tags = "CVE-2022-41040, CVE-2022-41082" strings: 
@@ -342572,8 +343074,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_OWASSRF_Powershell_Proxy_Log_Dec22_3 date = "2022-12-22" modified = "2023-12-05" reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxynotshell_owassrf_dec22.yar#L47-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxynotshell_owassrf_dec22.yar#L47-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "607d3743a46e0c5000b9c7847dd89f5d7ccf29f4f1af9bce6870d7738f071f5c" score = 60 quality = 85 @@ -342599,8 +343101,8 @@ rule SIGNATURE_BASE_EXPL_LOG_Proxynotshell_Powershell_Proxy_Log_Dec22_1 : CVE_20 date = "2022-12-22" modified = "2023-01-26" reference = "https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_proxynotshell_owassrf_dec22.yar#L68-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_proxynotshell_owassrf_dec22.yar#L68-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f2aac61bc17f74901ec8d638d5cfaaa45bbd2a4e40e5d915bf2a946daed411d2" score = 70 quality = 85 
@@ -342624,8 +343126,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_Msg_CVE_2023_23397_Mar23 : CVE_2023_23397 FILE date = "2023-03-15" modified = "2024-12-03" reference = "https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_outlook_cve_2023_23397.yar#L1-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_outlook_cve_2023_23397.yar#L1-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "47fee24586cd2858cfff2dd7a4e76dc95eb44c8506791ccc2d59c837786eafe3" hash = "582442ee950d546744f2fa078adb005853a453e9c7f48c6c770e6322a888c2cf" hash = "6c0087a5cbccb3c776a471774d1df10fe46b0f0eb11db6a32774eb716e1b7909" 
@@ -342657,8 +343159,8 @@ rule SIGNATURE_BASE_EXPL_SUSP_Outlook_CVE_2023_23397_Exfil_IP_Mar23 : CVE_2023_2 date = "2023-03-15" modified = "2023-03-18" reference = "https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_outlook_cve_2023_23397.yar#L41-L81" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_outlook_cve_2023_23397.yar#L41-L81" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "47fee24586cd2858cfff2dd7a4e76dc95eb44c8506791ccc2d59c837786eafe3" hash = "582442ee950d546744f2fa078adb005853a453e9c7f48c6c770e6322a888c2cf" hash = "6c0087a5cbccb3c776a471774d1df10fe46b0f0eb11db6a32774eb716e1b7909" @@ -342691,8 +343193,8 @@ rule SIGNATURE_BASE_EXPL_SUSP_Outlook_CVE_2023_23397_SMTP_Mail_Mar23 : CVE_2023_ date = "2023-03-17" modified = "2023-03-24" reference = "https://twitter.com/wdormann/status/1636491612686622723" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_outlook_cve_2023_23397.yar#L83-L112" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_outlook_cve_2023_23397.yar#L83-L112" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a361eb3abf98655f43efff2a5399f112d9ac2d23df85a642ab744c78e98330e0" score = 60 quality = 85 
@@ -342720,8 +343222,8 @@ rule SIGNATURE_BASE_MAL_WIPER_Caddywiper_Mar22_1 : FILE date = "2022-03-15" modified = "2023-12-05" reference = "https://twitter.com/ESETresearch/status/1503436420886712321?s=20&t=xh8JK6fEmRIrnqO7Ih_PNg" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ua_caddywiper.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ua_caddywiper.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0d0278596010953e7068979c92a33dc0ace1bfa94979077412128d1ca756f834" score = 85 quality = 85 @@ -342749,8 +343251,8 @@ rule SIGNATURE_BASE_Dropper_Deploysmalwareviasideloading date = "2024-04-17" modified = "2024-04-17" reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_uscert_ta17-1117a.yar#L9-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_uscert_ta17-1117a.yar#L9-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "51d8a0785bc25cf02460b9b7490ccba3d67806c953e6aa3d3882341ce11857fa" score = 75 quality = 85 
@@ -342773,8 +343275,8 @@ rule SIGNATURE_BASE_REDLEAVES_Droppedfile_Implantloader_Starburn date = "2024-04-17" modified = "2024-04-17" reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_uscert_ta17-1117a.yar#L23-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_uscert_ta17-1117a.yar#L23-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2ebfdaf363ac80bc9bace3056ff86efd9c1b246c6f60373a82df4a0db901a6e3" score = 75 quality = 85 @@ -342796,8 +343298,8 @@ rule SIGNATURE_BASE_REDLEAVES_Droppedfile_Obfuscatedshellcodeandrat_Handkerchief date = "2024-04-17" modified = "2024-04-17" reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_uscert_ta17-1117a.yar#L36-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_uscert_ta17-1117a.yar#L36-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f91bd1ddd6691a0a5b6ebc6a28d35bb5b2e6c00754f07e58ffb01e06ad590ae3" score = 75 quality = 83 
@@ -342819,8 +343321,8 @@ rule SIGNATURE_BASE_REDLEAVES_Coreimplant_Uniquestrings : FILE date = "2018-12-20" modified = "2024-04-17" reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_uscert_ta17-1117a.yar#L49-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_uscert_ta17-1117a.yar#L49-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ce6ab0f4007f3ea3c31442cab702ad3579faa6835d5ee9b4c03516ce0499bf3e" score = 75 quality = 81 @@ -342844,8 +343346,8 @@ rule SIGNATURE_BASE_PLUGX_Redleaves date = "2017-04-03" modified = "2024-04-17" reference = "https://www.us-cert.gov/ncas/alerts/TA17-117A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_uscert_ta17-1117a.yar#L66-L93" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_uscert_ta17-1117a.yar#L66-L93" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c52110eb18dcdb7a0d4b8c42f22368acdd1bce44a192abcd71a20bee2705475" score = 75 quality = 85 
@@ -342882,8 +343384,8 @@ rule SIGNATURE_BASE_MAL_Ryuk_Ransomware : FILE date = "2018-12-31" modified = "2023-12-05" reference = "https://research.checkpoint.com/ryuk-ransomware-targeted-campaign-break/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ryuk_ransomware.yar#L3-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ryuk_ransomware.yar#L3-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "01e8ad348e5954374fc0f9fc25ba1ee83db4a2a50e622b27640aa2eb394dc5a0" score = 75 quality = 85 @@ -342910,8 +343412,8 @@ rule SIGNATURE_BASE_Malware_Sakula_Xorloop : FILE date = "2016-06-13" modified = "2023-01-27" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sakula.yar#L1-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sakula.yar#L1-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fc6497fe708dbda9355139721b6181e7" logic_hash = "b3c3131693e18ce2cf26786a93b61d39d90703d8c827de1340f85377fe7b59de" score = 75 
@@ -342934,8 +343436,8 @@ rule SIGNATURE_BASE_Malware_Sakula_Memory date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sakula.yar#L20-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sakula.yar#L20-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b3852b9e7f2b8954be447121bb6b65c3" logic_hash = "ba6d93a1fc5fd81748eb462fc55b681987126ba853ddb677a5f1f9b74ba5cde8" score = 75 @@ -342966,8 +343468,8 @@ rule SIGNATURE_BASE_Malware_Sakula_Shellcode date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sakula.yar#L47-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sakula.yar#L47-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0e84d91cd1bb0455ac7d2ca78583510388f39cebd95523c5f6f173a50e0c1951" score = 75 quality = 85 
@@ -342989,8 +343491,8 @@ rule SIGNATURE_BASE_MAL_WIN_Akira_Apr25 : FILE date = "2025-04-11" modified = "2025-04-16" reference = "https://ish.com.br/wp-content/uploads/2025/04/A-Anatomia-do-Ransomware-Akira-e-sua-expansao-multiplataforma.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_win_akira_apr25.yar#L1-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_win_akira_apr25.yar#L1-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "205589629ead5d3c1d9e914b49c08589" logic_hash = "112f844dff4c48d861f86736503da51e8fbc58805f463df1f9358781034f2e24" score = 90 @@ -343021,8 +343523,8 @@ rule SIGNATURE_BASE_VULN_LNX_OMI_RCE_CVE_2021_386471_Sep21 : CVE_2021_38647 FILE date = "2021-09-16" modified = "2023-12-05" reference = "https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/vul_cve_2021_386471_omi.yar#L1-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/vul_cve_2021_386471_omi.yar#L1-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "99fddcf763f41a08a8ef8240d544ef67b840a1b5ae709bd7efbcbcad8268e8a5" score = 50 quality = 85 
@@ -343062,8 +343564,8 @@ rule SIGNATURE_BASE_APT_Pupyrat_PY : FILE date = "2017-02-17" modified = "2023-12-05" reference = "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_magichound.yar#L10-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_magichound.yar#L10-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b30bc3082be3229ea2ef5d7c51ab6f97df2f612c80c45892e1a13fde1fb56725" score = 75 quality = 85 @@ -343091,8 +343593,8 @@ rule SIGNATURE_BASE_APT_Magichound_Malmacro : FILE date = "2017-02-17" modified = "2023-12-05" reference = "https://www.secureworks.com/blog/iranian-pupyrat-bites-middle-eastern-organizations" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_magichound.yar#L33-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_magichound.yar#L33-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "198c6e7ab957d5c1bb45449b0b2210532e97ed11700f8435201200746e0dfa48" score = 75 quality = 85 
@@ -343119,8 +343621,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_SH_Esxi_Attacks_Feb23_1 : FILE date = "2023-02-04" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-14" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ransom_esxi_attacks_feb23.yar#L6-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ransom_esxi_attacks_feb23.yar#L6-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1143ee36603f604874432ee280314a9f62ffe64e58ec5cd4eb114b7b175b365a" score = 85 quality = 60 @@ -343146,8 +343648,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_ELF_Esxi_Attacks_Feb23_1 : FILE date = "2023-02-04" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-14" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ransom_esxi_attacks_feb23.yar#L30-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ransom_esxi_attacks_feb23.yar#L30-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "27ff018574323c10821993c30cf74de15121caa92a308fbcae4eceae954e63b6" score = 85 quality = 85 
@@ -343176,8 +343678,8 @@ rule SIGNATURE_BASE_APT_PY_Esxi_Backdoor_Dec22 : FILE date = "2022-12-14" modified = "2023-12-05" reference = "https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ransom_esxi_attacks_feb23.yar#L58-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ransom_esxi_attacks_feb23.yar#L58-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "86b628f007720aa706c30d91e845d867ed481d1e99bcc9315c84a4e0b7b1b2a6" score = 85 quality = 85 @@ -343199,8 +343701,8 @@ rule SIGNATURE_BASE_APT_SH_Esxi_Backdoor_Dec22 : FILE date = "2022-12-14" modified = "2023-12-05" reference = "https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ransom_esxi_attacks_feb23.yar#L73-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ransom_esxi_attacks_feb23.yar#L73-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "155a90a6c55b99285555634d91a66fca9c7e7297f05314fa4d6ce1d84257ee11" score = 75 quality = 85 
@@ -343223,8 +343725,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_SH_Esxi_Attacks_Feb23_2 : FILE date = "2023-02-06" modified = "2023-12-05" reference = "https://dev.to/xakrume/esxiargs-encryption-malware-launches-massive-attacks-against-vmware-esxi-servers-pfe" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ransom_esxi_attacks_feb23.yar#L89-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ransom_esxi_attacks_feb23.yar#L89-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3f240784873a0239cbf61f7f420fdd72b8992d5943ffc3d4dcad43c836569f4d" score = 85 quality = 85 @@ -343245,8 +343747,8 @@ rule SIGNATURE_BASE_SUSP_Esxiargs_Endpoint_Conf_Aug23 : FILE date = "2023-08-04" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/forums/t/782193/esxi-ransomware-help-and-support-topic-esxiargs-args-extension/page-47" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_ransom_esxi_attacks_feb23.yar#L103-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_ransom_esxi_attacks_feb23.yar#L103-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "794d460eec0e2f0b48e6ced94b125a1e48acde6be6281866e0b4a2ae6c2d3b51" score = 75 quality = 85 
@@ -343272,8 +343774,8 @@ rule SIGNATURE_BASE_MAL_XMR_Miner_May19_1 : HIGHVOL FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_nansh0u.yar#L15-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_nansh0u.yar#L15-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "85a65fd2355850b7f5261ad41091e181562938356ba3dae7d867f7ac8922a16e" score = 85 quality = 85 @@ -343299,8 +343801,8 @@ rule SIGNATURE_BASE_HKTL_CN_Prochook_May19_1 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_nansh0u.yar#L38-L49" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_nansh0u.yar#L38-L49" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "de55990c130702a05e96ee769707a81ce0ec58a515d75a9a99b20265ce3db682" score = 75 quality = 85 
@@ -343319,8 +343821,8 @@ rule SIGNATURE_BASE_SUSP_PDB_CN_Threat_Actor_May19_1 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_nansh0u.yar#L52-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_nansh0u.yar#L52-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "adcfe3d4bc6fcaf6be4f70c91fb2150bfa2d61f1ba84f96a0bf0c39ed0380b6a" score = 65 quality = 85 @@ -343343,8 +343845,8 @@ rule SIGNATURE_BASE_MAL_Ramnit_May19_1 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_nansh0u.yar#L67-L78" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_nansh0u.yar#L67-L78" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "51d574f457c37eba3c29f869e03244b9471be6f6c8319aa0ddfad34be748eb53" score = 75 quality = 85 
@@ -343363,8 +343865,8 @@ rule SIGNATURE_BASE_MAL_Parite_Malware_May19_1 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_nansh0u.yar#L80-L100" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_nansh0u.yar#L80-L100" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b458b05178f18be1e936c1b42bbd91c739f288570fca759b85f1bb143899f1a8" score = 80 quality = 85 @@ -343393,8 +343895,8 @@ rule SIGNATURE_BASE_MAL_Parite_Malware_May19_2 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_nansh0u.yar#L102-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_nansh0u.yar#L102-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "060a26ed6679b7038f1a89385220ad9112d3102023ea9d141332077f79bbe728" score = 75 quality = 85 
@@ -343416,8 +343918,8 @@ rule SIGNATURE_BASE_EXPL_Strings_CVE_POC_May19_1 : FILE date = "2019-05-31" modified = "2023-12-05" reference = "https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_nansh0u.yar#L120-L136" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_nansh0u.yar#L120-L136" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b470e9f5716130d810e519abb8d4e1058b5a806d59ddae53a40cac5597fbb874" score = 80 quality = 85 @@ -343442,8 +343944,8 @@ rule SIGNATURE_BASE_APT_KE3CHANG_TMPFILE : APT KE3CHANG TMPFILE FILE date = "2020-06-18" modified = "2023-12-05" reference = "https://app.any.run/tasks/a96f4f9d-c27d-490b-b5d3-e3be0a1c93e9/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ke3chang.yar#L1-L21" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ke3chang.yar#L1-L21" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "75c97fe2eeb82e09f52e98d76bd529824f171da4c802b5febc1036314d8145f0" score = 75 quality = 85 
@@ -343471,8 +343973,8 @@ rule SIGNATURE_BASE_APT_MAL_Ke3Chang_Ketrican_Jun20_1 : FILE date = "2020-06-18" modified = "2023-12-05" reference = "BfV Cyber-Brief Nr. 01/2020" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ke3chang.yar#L23-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ke3chang.yar#L23-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a2806de18432dbab24f08c7c2863fd694c91192cf7df4388dfeb87b237f22257" score = 75 quality = 85 @@ -343499,8 +344001,8 @@ rule SIGNATURE_BASE_BKDR_Snarasite_Oct17 : FILE date = "2017-10-07" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_snarasite.yar#L3-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_snarasite.yar#L3-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "79f49bce6de996d20b64476feb73987fdcd7555963ea1a596648d8702fbd2898" score = 75 quality = 85 
@@ -343520,11 +344022,11 @@ rule SIGNATURE_BASE_SUSP_Obfuscated_JS_Obfuscatorio : HIGHVOL FILE date = "2021-08-25" modified = "2023-12-05" reference = "https://obfuscator.io" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_js_obfuscatorio.yar#L1-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_js_obfuscatorio.yar#L1-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "813df8459e4a53a084dc1f902713af74747a0c2f4ef535e682de38acba9b0e5e" score = 50 - quality = 60 + quality = 85 tags = "HIGHVOL, FILE" strings: @@ -343552,8 +344054,8 @@ rule SIGNATURE_BASE_EXP_Libre_Office_CVE_2018_16858 : CVE_2018_16858 FILE date = "2019-02-01" modified = "2023-12-05" reference = "https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2018_16858.yar#L1-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2018_16858.yar#L1-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "95a02b70c117947ff989e3e00868c2185142df9be751a3fefe21f18fa16a1a6f" logic_hash = "6dd34350f24945ba5a594acae96dc00bb200841a645443a70a59006cea1db949" score = 75 
@@ -343577,8 +344079,8 @@ rule SIGNATURE_BASE_HKTL_Powersploit date = "2018-06-23" modified = "2023-12-05" reference = "https://www.hybrid-analysis.com/sample/16937e76db6d88ed0420ee87317424af2d4e19117fe12d1364fee35aa2fadb75?environmentId=100" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_powersploit_dropper.yar#L1-L15" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_powersploit_dropper.yar#L1-L15" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "00bc389147926f3b474a7072381bb8b9cddad3ff581a5d2182006a674e0c0163" score = 75 quality = 81 @@ -343602,8 +344104,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Cudacrt : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sphinx_moth.yar#L9-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sphinx_moth.yar#L9-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ae7ff3d5ffd29de80ce5dcccde9af04d2537a279fe35f6e94257d59a462ba6a0" score = 75 quality = 85 
@@ -343629,8 +344131,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_H2T : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sphinx_moth.yar#L28-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sphinx_moth.yar#L28-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7aca260d415de84cf432b18385db6a9768a036e3bd0a9aa8ded4a1bfcad26d0c" score = 75 quality = 85 @@ -343656,8 +344158,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Iastor32 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sphinx_moth.yar#L47-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sphinx_moth.yar#L47-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "056949677654a88fb430c988939006dacfefdabbe12824936a01e5aabbb73441" score = 75 quality = 85 
@@ -343679,8 +344181,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Kerberos32 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sphinx_moth.yar#L61-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sphinx_moth.yar#L61-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5b672c9b9b0ffffd8f243832ea217bfc10b08026c71d297ee1047ca999fb829c" score = 75 quality = 85 @@ -343713,8 +344215,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Kerberos64 : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sphinx_moth.yar#L87-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sphinx_moth.yar#L87-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "13aeb72fcd0f5fd6e73464a90787c756c50569f9eae48945e4ff90d8f9073585" score = 75 quality = 85 
@@ -343741,8 +344243,8 @@ rule SIGNATURE_BASE_Sphinx_Moth_Nvcplex : FILE date = "2015-08-06" modified = "2023-12-05" reference = "www.kudelskisecurity.com" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sphinx_moth.yar#L106-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sphinx_moth.yar#L106-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2f851c0ab8c4a426b00addfbe0da7ceebb08e93014efcb11d64247d14fec909b" score = 75 quality = 85 @@ -343766,8 +344268,8 @@ rule SIGNATURE_BASE_CN_Honker_Mafix_Root : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L8-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L8-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "826778ef9c22177d41698b467586604e001fed19" logic_hash = "db54561ba4b9c1bd4d9b183658b98f6fd3165b05c8d6d7f006ae3b5fc96ba549" score = 70 
@@ -343792,8 +344294,8 @@ rule SIGNATURE_BASE_CN_Honker_Passwd_Dict_3389 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L26-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L26-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2897e909e48a9f56ce762244c3a3e9319e12362f" logic_hash = "2be79fc7388ca12f06577e689944bcfa72ed1e1b6da5a7fa15c8da69a4555a9a" score = 70 @@ -343822,8 +344324,8 @@ rule SIGNATURE_BASE_CN_Honker_Perl_Serv_U : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L48-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L48-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f333c597ff746ebd5a641fbc248497d61e3ec17b" logic_hash = "deb4ee54f9127bc093f96f7dbf3633fbfc3f66358c76fb15928dabbbffdd4963" score = 70 
@@ -343847,8 +344349,8 @@ rule SIGNATURE_BASE_CN_Honker_F4Ck_Team_F4Ck : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L65-L81" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L65-L81" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e216f4ba3a07de5cdbb12acc038cd8156618759e" logic_hash = "be4817bcaae952eb13c35dd89606ec733c682b2e197054bb348c3934012bd105" score = 70 @@ -343873,8 +344375,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_3389 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L83-L97" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L83-L97" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f92b74f41a2138cc05c6b6993bcc86c706017e49" logic_hash = "32603edd3f188a9f4919795df04112883d7b88da46b13fcd0b0e0065fd4c016b" score = 70 
@@ -343897,8 +344399,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_3389_2 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L99-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L99-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5ff92f39ade12f8ba6cb75dfdc9bb907e49f0ebd" logic_hash = "637b3368fac624ca78d2f573b8b937b6b265426d7ed923f3a3d06039663c97ad" score = 70 @@ -343922,8 +344424,8 @@ rule SIGNATURE_BASE_CN_Honker_Injection_Transit_Jmcook : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L116-L131" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L116-L131" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5e1851c77ce922e682333a3cb83b8506e1d7395d" logic_hash = "f7a9aca65b92d4b9c787d83a421b54a23844fa8e061c6c627ddde8ab5b7f4396" score = 70 
@@ -343947,8 +344449,8 @@ rule SIGNATURE_BASE_CN_Honker_Pwdump7_Pwdump7 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L133-L147" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L133-L147" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "67d0e215c96370dcdc681bb2638703c2eeea188a" logic_hash = "50e4ec9716b4e9d824fb301bb493dcdcd9782d87c0fb8040b82a87faf56292cb" score = 70 @@ -343971,8 +344473,8 @@ rule SIGNATURE_BASE_CN_Honker_Portrecall_Pr : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L149-L165" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L149-L165" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "583cf6dc2304121d835f2879803a22fea76930f3" logic_hash = "f33373e87887506651b1fac464f860a3cf18ad681ba124b606524f6f2255e693" score = 70 
@@ -343997,8 +344499,8 @@ rule SIGNATURE_BASE_CN_Honker_Sig_3389_3389_3 : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L167-L183" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L167-L183" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "cfedec7bd327897694f83501d76063fe16b13450" logic_hash = "df07958e44c7896bc7bdf2b79bc95969593eb21b9c9ed51213fd15affb731ec2" score = 70 @@ -344023,8 +344525,8 @@ rule SIGNATURE_BASE_CN_Honker_Alien_D : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L185-L203" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L185-L203" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "de9cd4bd72b1384b182d58621f51815a77a5f07d" logic_hash = "2eca697dd1f2ad80c5cd71507cd5f8abd2364b11dfe3206a1043e3d4f5835797" score = 70 
@@ -344051,8 +344553,8 @@ rule SIGNATURE_BASE_CN_Honker_Chinachopper_Db : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L205-L221" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L205-L221" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "af79ff2689a6b7a90a5d3c0ebe709e42f2a15597" logic_hash = "b650498df99c4620e3904ce8980cd58eb0cb5e0a7a275d54bdbcc41a687bec8e" score = 70 @@ -344077,8 +344579,8 @@ rule SIGNATURE_BASE_CN_Honker_Syconfig : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L223-L237" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L223-L237" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ff75353df77d610d3bccfbffb2c9dfa258b2fac9" logic_hash = "6b7f918b83bac84df5ac6b247d4162dd385aba0a32570366c62fc4830199e86e" score = 70 
@@ -344101,8 +344603,8 @@ rule SIGNATURE_BASE_CN_Honker_Linux_Bin : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L239-L254" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L239-L254" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "26e71e6ebc6a3bdda9467ce929610c94de8a7ca0" logic_hash = "d02fcf23e46a0b6d44c382e34d73ef6239b6a1afc690e417aa0e6b0898e277c0" score = 70 @@ -344126,8 +344628,8 @@ rule SIGNATURE_BASE_CN_Honker_Intersect2_Beta : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L256-L272" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L256-L272" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3ba5f720c4994cd4ad519b457e232365e66f37cc" logic_hash = "bc6a83f8f851f7fb5b620be889619fcbd9f34ba27d495c2040e207caf95854bb" score = 70 
@@ -344152,8 +344654,8 @@ rule SIGNATURE_BASE_CN_Honker_IIS_Logcleaner1_0_Readme : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L274-L289" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L274-L289" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2ab47d876b49e9a693f602f3545381415e82a556" logic_hash = "3cbd7b2e1710c78bc8ab8d2730cc6da8eb95038f8431d5d0081db984b3d706cf" score = 70 @@ -344177,8 +344679,8 @@ rule SIGNATURE_BASE_CN_Honker_Alien_Command : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L291-L306" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L291-L306" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5896b74158ef153d426fba76c2324cd9c261c709" logic_hash = "a55be30fdb6598669d144308af5a9b6a21ab6140c75fdfc18cecf5d9add4a530" score = 70 
@@ -344202,8 +344704,8 @@ rule SIGNATURE_BASE_CN_Honker_Portrecall_Bc : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L308-L324" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L308-L324" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2084990406398afd856b2309c7f579d7d61c3767" logic_hash = "f51644f195e42b91dae80ba1770aeb40790ea8528b6d09f5fed0f71d93bda5fc" score = 70 @@ -344228,8 +344730,8 @@ rule SIGNATURE_BASE_CN_Honker_Tuoku_Script_MSSQL_ : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L326-L342" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L326-L342" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7097c21f92306983add3b5b29a517204cd6cd819" logic_hash = "4d721fd9711799cf3fd8ba6c300e270ed25faa2fb938ea01464e9bc9a3768e22" score = 70 
@@ -344254,8 +344756,8 @@ rule SIGNATURE_BASE_CN_Honker_Nc_MOVE : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L344-L360" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L344-L360" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "4195370c103ca467cddc8f2724a8e477635be424" logic_hash = "49f41162919bb04744041ae6f7438e61d98fb7d5984a17535d9c4ce4d398671b" score = 70 @@ -344280,8 +344782,8 @@ rule SIGNATURE_BASE_CN_Honker_Mssqlpw_Scan : FILE date = "2015-06-23" modified = "2023-12-05" reference = "Disclosed CN Honker Pentest Toolset" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/cn_pentestset_scripts.yar#L362-L377" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/cn_pentestset_scripts.yar#L362-L377" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e49def9d72bfef09a639ef3f7329083a0b8b151c" logic_hash = "eb3bd38ca317f0b10358581fc3dbb8ca81b991b9a4f4f2d256d81a31028411b9" score = 70 
@@ -344306,11 +344808,11 @@ rule SIGNATURE_BASE_SUSP_ENV_Folder_Root_File_Jan23_1 : SCRIPT FILE date = "2023-01-11" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_indicators.yar#L3-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_indicators.yar#L3-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5355ae567e6255e22f566bae9fe50f4995bafba07c261461d37d5b8ba200d33a" score = 70 - quality = 58 + quality = 83 tags = "SCRIPT, FILE" strings: @@ -344332,8 +344834,8 @@ rule SIGNATURE_BASE_MAL_Gopuram_Apr23 : FILE date = "2023-04-04" modified = "2023-12-05" reference = "https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_gopuram.yar#L1-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_gopuram.yar#L1-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "beb775af5196f30e0ee021790a4978ca7a7ac2a7cf970a5a620ffeb89cc60b2c" hash = "97b95b4a5461f950e712b82783930cb2a152ec0288c00a977983ca7788342df7" logic_hash = "58d978bd09a656f2a10a4d5d2585e51efe5cfb6b6648a4b3c2ce8c4f5d2256d4" 
@@ -344357,8 +344859,8 @@ rule SIGNATURE_BASE_CHAOS_Payload : FILE date = "2017-07-15" modified = "2023-12-05" reference = "https://github.com/tiagorlampert/CHAOS" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_chaos_payload.yar#L11-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_chaos_payload.yar#L11-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ca409d3d0430fbc4c5ae52ce22616132da3a90c1ec3889571c6314e8787eee67" score = 80 quality = 85 @@ -344382,8 +344884,8 @@ rule SIGNATURE_BASE_APT_Cobaltstrike_Beacon_Indicator : FILE date = "2018-11-09" modified = "2023-12-05" reference = "https://github.com/JPCERTCC/aa-tools/blob/master/cobaltstrikescan.py" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cobaltstrike.yar#L40-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cobaltstrike.yar#L40-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0f429a7a8c8bbea22eba3bbf81e391dab8e957583283a995d1d60d42f17c20e7" score = 75 quality = 83 
@@ -344405,8 +344907,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Beacon_Strings date = "2021-03-16" modified = "2023-12-05" reference = "https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cobaltstrike.yar#L54-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cobaltstrike.yar#L54-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4349a7ad94df2269217b55c2aef9628c4eef078566c276936accdd4f996ba2cf" score = 75 quality = 85 @@ -344429,8 +344931,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Beacon_XOR_Strings date = "2021-03-16" modified = "2023-12-05" reference = "https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cobaltstrike.yar#L69-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cobaltstrike.yar#L69-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b5009c29055784ce6371100417b862f723d7e3c1b4081c563fcd8770db48051f" score = 75 quality = 85 
@@ -344457,8 +344959,8 @@ rule SIGNATURE_BASE_HKTL_Cobaltstrike_Beacon_4_2_Decrypt date = "2021-03-16" modified = "2023-12-05" reference = "https://www.elastic.co/blog/detecting-cobalt-strike-with-memory-signatures" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cobaltstrike.yar#L90-L102" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cobaltstrike.yar#L90-L102" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8685b1626c8d263f49ccf129dcd4fe1b42482fcdb37c2e109cedcecaed8c2407" score = 75 quality = 85 @@ -344480,8 +344982,8 @@ rule SIGNATURE_BASE_HKTL_Win_Cobaltstrike : COMMODITY date = "2021-05-25" modified = "2023-12-05" reference = "https://www.volexity.com/blog/2021/05/27/suspected-apt29-operation-launches-election-fraud-themed-phishing-campaigns/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cobaltstrike.yar#L104-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cobaltstrike.yar#L104-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b041efb8ba2a88a3d172f480efa098d72eef13e42af6aa5fb838e6ccab500a7c" logic_hash = "1e8a68050ff25f77e903af2e0a85579be1af77c64684e42e8f357eee4ae59377" score = 75 
@@ -344509,12 +345011,12 @@ rule SIGNATURE_BASE_OSX_Backdoor_Evilosx : FILE date = "2018-02-23" modified = "2023-12-05" reference = "https://github.com/Marten4n6/EvilOSX, https://twitter.com/JohnLaTwC/status/966139336436498432" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_osx_evilosx.yar#L1-L34" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_osx_evilosx.yar#L1-L34" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "89e5b8208daf85f549d9b7df8e2a062e47f15a5b08462a4224f73c0a6223972a" logic_hash = "393abf7cf74f8d079049cf8f0bdb3a79bf16185c80c43b823e19b67a9031aef6" score = 75 - quality = 60 + quality = 85 tags = "FILE" strings: @@ -344538,8 +345040,8 @@ rule SIGNATURE_BASE_APT34_Malware_HTA : FILE date = "2017-12-07" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt34.yar#L12-L32" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt34.yar#L12-L32" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0bf9b988b3ef46df29e0f91c3ea186aaab8a1ccb79563e97521311bf2e1215d7" score = 75 quality = 85 
@@ -344568,8 +345070,8 @@ rule SIGNATURE_BASE_APT34_Malware_Exeruner : FILE date = "2017-12-07" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2017/12/targeted-attack-in-middle-east-by-apt34.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt34.yar#L34-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt34.yar#L34-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "71840d9a0f8a5dc39656e6bf1ad94fa275bcd18baf6b374dfe040c161d62a960" score = 75 quality = 85 @@ -344604,8 +345106,8 @@ rule SIGNATURE_BASE_Powershell_Emp_Eval_Jul17_A1 : FILE date = "2017-07-27" modified = "2023-12-05" reference = "PowerShell Empire Eval" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_ps_empire_eval.yar#L11-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_ps_empire_eval.yar#L11-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e77ff4e216601c62a049569a6ea1aae13fc2612b480f4d7fad4e99dc72155da3" score = 65 quality = 85 
@@ -344629,8 +345131,8 @@ rule SIGNATURE_BASE_Powershell_Emp_Eval_Jul17_A2 : FILE date = "2017-07-27" modified = "2023-12-05" reference = "PowerShell Empire Eval" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_ps_empire_eval.yar#L27-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_ps_empire_eval.yar#L27-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "28f320e721a61d7e2db39830652038eb4090429d73162888570a97b0bc1504d8" score = 65 quality = 85 @@ -344654,8 +345156,8 @@ rule SIGNATURE_BASE_SUSP_SFX_Runprogram_Wscript : FILE date = "2018-09-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_sfx.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_sfx.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0d00d83d4b25d80d0ca44fe1c3f3cd33ae5539d2d79c84bfdfcc470669d4f78c" score = 75 quality = 85 
@@ -344682,8 +345184,8 @@ rule SIGNATURE_BASE_KINS_Dropper date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/arPhm3" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_kins_dropper.yar#L1-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_kins_dropper.yar#L1-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cdab93f823e13e0c3104de8e05cb1572f83fb5294f359698092d73fc7983955b" score = 75 quality = 85 @@ -344716,11 +345218,11 @@ rule SIGNATURE_BASE_KINS_DLL_Zeus date = "2023-12-05" modified = "2023-12-05" reference = "http://goo.gl/arPhm3" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_kins_dropper.yar#L28-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_kins_dropper.yar#L28-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bd1ebe7976d1f93856b4f8d1d62d8fff68ce6234204da9fbdc233ddbef56864d" score = 75 - quality = 60 + quality = 85 tags = "" strings: 
@@ -344746,8 +345248,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_1 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L11-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L11-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ad3018e6aa377b5032b04226ecb1e27b2cc7bc8294455ea51e426b5182ed7821" score = 75 quality = 85 @@ -344770,8 +345272,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_2 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L26-L39" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L26-L39" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e31ade3690938fe0999423fbe446d9426e14abd01ebbada4eed8bddb1e2c9ea6" score = 75 quality = 85 
@@ -344794,8 +345296,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_3 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L41-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L41-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6920febf177667610e3edb8ba88ec137d085a867c1d6a570d4785fcc9cc62d49" score = 75 quality = 85 @@ -344823,8 +345325,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_4 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L61-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L61-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8011497e7d061a9ebde06667e47b5cd9469a433e0be1401d70637e7ace8e8155" score = 75 quality = 85 
@@ -344848,8 +345350,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_5 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L77-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L77-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fbc1a2e078cfae7a9c72612b9c769e84d8c1d59c89e05001571ad00071e38577" score = 75 quality = 85 @@ -344876,8 +345378,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_6 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L97-L111" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L97-L111" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2de78012cc384211cef6c12817fd8cef9d93eef6de3197d0cfec64c1a8022ae3" score = 75 quality = 85 
@@ -344901,8 +345403,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_7 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L113-L129" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L113-L129" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "87ab6cd5c769e7e38bef807fa7d15af3a66fed8fdb7fed49fa62d87e1049ceb4" score = 75 quality = 85 @@ -344928,8 +345430,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_8 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L131-L147" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L131-L147" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a1d5e72970919cd5c0493f8882cbc6fb1bb3c5b6517813a4022efd0028dfe728" score = 75 quality = 85 
@@ -344955,8 +345457,8 @@ rule SIGNATURE_BASE_PP_CN_APT_Zerot_9 : FILE date = "2017-02-03" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L149-L163" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L149-L163" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "af4b85ef01c4fa21a2506369f3bc0f8eff6e95a4cfd494e1ea11a44d75bb024e" score = 75 quality = 85 @@ -344980,8 +345482,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Nflogger : FILE date = "2017-02-04" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L165-L178" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L165-L178" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dc9b19e3c4c321cb9f840ec9ff78bec9e4a075cc62ea2823d92a3fbd9f99cc07" score = 75 quality = 85 
@@ -345004,8 +345506,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Extracted_Go : FILE date = "2017-02-04" modified = "2023-01-06" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L180-L203" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L180-L203" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bf5e2d825e4bd63e94455ffb4013fa1088098a826390c1916c0aa50866588fcb" score = 75 quality = 85 @@ -345036,8 +345538,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Extracted_Mcutil : FILE date = "2017-02-04" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L205-L223" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L205-L223" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "edb6000fd65d6593bd94842e60ec099c5a652d10005f81d17063dba1a2e267d2" score = 75 quality = 85 
@@ -345065,8 +345567,8 @@ rule SIGNATURE_BASE_CN_APT_Zerot_Extracted_Zlh : FILE date = "2017-02-04" modified = "2023-12-05" reference = "https://www.proofpoint.com/us/threat-insight/post/APT-targets-russia-belarus-zerot-plugx" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_cn_pp_zerot.yar#L225-L241" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_cn_pp_zerot.yar#L225-L241" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "26796f75a8302bd6c93eb3ea43d0491b86770b52bd11aad6e1e250d968a77004" score = 75 quality = 85 @@ -345092,8 +345594,8 @@ rule SIGNATURE_BASE_SUSP_LNX_Linux_Malware_Indicators_Aug20_1 : FILE date = "2020-08-03" modified = "2025-02-12" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_lnx_malware_indicators.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_lnx_malware_indicators.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fbe84c936709653480d469a07e284aea7ef68aedaaa4295073ce59d37eb6d791" score = 65 quality = 85 
@@ -345122,8 +345624,8 @@ rule SIGNATURE_BASE_APT17_Sample_FXSST_DLL : FILE date = "2015-05-14" modified = "2023-12-05" reference = "https://goo.gl/ZiJyQv" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt17_malware.yar#L10-L36" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt17_malware.yar#L10-L36" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "52f1add5ad28dc30f68afda5d41b354533d8bce3" logic_hash = "51d6da6c3ec46dc9e991a6a36de6d79626f1859296cda65e9027951c13aa4cd5" score = 75 @@ -345156,8 +345658,8 @@ rule SIGNATURE_BASE_Fareit_Trojan_Oct15 : FILE date = "2015-10-18" modified = "2023-12-05" reference = "http://goo.gl/5VYtlU" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_fareit.yar#L8-L30" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_fareit.yar#L8-L30" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ef47e81483d5edf67d489a9a35ce56667e293350534e780d7d93b1fbc5f7113a" score = 80 quality = 85 
@@ -345188,8 +345690,8 @@ rule SIGNATURE_BASE_POSHSPY_Malware date = "2017-07-15" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2017/03/dissecting_one_ofap.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_poshspy.yar#L11-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_poshspy.yar#L11-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e1f8b502950d2f7600041b5492f529682b9f5f2863c36ad40618b5ed78a94567" score = 75 quality = 85 @@ -345216,8 +345718,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Embedded_Worddoc : FILE date = "2023-01-02" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_100days_of_yara_2023.yar#L3-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_100days_of_yara_2023.yar#L3-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "120ca851663ef0ebef585d716c9e2ba67bd4870865160fec3b853156be1159c5" logic_hash = "a53fbfe0ccb5a4ab2320cde10d17f29770d888cf21cda4fdccc3d7ae8d123293" score = 65 
@@ -345242,8 +345744,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Smallscreensize date = "2023-01-01" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_100days_of_yara_2023.yar#L22-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_100days_of_yara_2023.yar#L22-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "285985c21e34f8412b49dbfe04abad9f93af195801d0a8870ec3795b8a9a3787" score = 65 quality = 85 @@ -345266,8 +345768,8 @@ rule SIGNATURE_BASE_MAL_Janicab_LNK date = "2023-01-01" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_100days_of_yara_2023.yar#L46-L68" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_100days_of_yara_2023.yar#L46-L68" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "0c7e8427ee61672568983e51bf03e0bcf6f2e9c01d2524d82677b20264b23a3f" hash = "22ede766fba7551ad0b71ef568d0e5022378eadbdff55c4a02b42e63fcb3b17c" hash = "4920e6506ca557d486e6785cb5f7e4b0f4505709ffe8c30070909b040d3c3840" 
@@ -345299,8 +345801,8 @@ rule SIGNATURE_BASE_SUSP_ELF_Invalid_Version : FILE date = "2023-01-01" modified = "2023-12-05" reference = "https://tmpout.sh/1/1.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_100days_of_yara_2023.yar#L70-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_100days_of_yara_2023.yar#L70-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "05379bbf3f46e05d385bbd853d33a13e7e5d7d50" logic_hash = "33f096318647867bcd90d7ba77878f43d34477b2b2cbd7410c191e60573d6cd5" score = 55 @@ -345320,8 +345822,8 @@ rule SIGNATURE_BASE_MAL_ELF_Torchtriton : FILE date = "2023-01-02" modified = "2023-12-05" reference = "https://www.bleepingcomputer.com/news/security/pytorch-discloses-malicious-dependency-chain-compromise-over-holidays/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_100days_of_yara_2023.yar#L88-L117" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_100days_of_yara_2023.yar#L88-L117" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2385b29489cd9e35f92c072780f903ae2e517ed422eae67246ae50a5cc738a0e" logic_hash = "12de3c3785aaf3623097db58abfe8ee2cbd9a0e712bf752165952de9a5fdb07d" score = 75 
@@ -345352,8 +345854,8 @@ rule SIGNATURE_BASE_MAL_GOLDBACKDOOR_LNK date = "2023-01-02" modified = "2023-12-05" reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_100days_of_yara_2023.yar#L119-L142" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_100days_of_yara_2023.yar#L119-L142" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "120ca851663ef0ebef585d716c9e2ba67bd4870865160fec3b853156be1159c5" logic_hash = "043d01758c722964e848e51cf2747c5879f03f0fd43af827e2035abf113daf9d" score = 75 @@ -345384,8 +345886,8 @@ rule SIGNATURE_BASE_MAL_EXE_Lockbit_V2 : FILE date = "2023-01-01" modified = "2023-01-06" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_100days_of_yara_2023.yar#L144-L169" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_100days_of_yara_2023.yar#L144-L169" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "00260c390ffab5734208a7199df0e4229a76261c3f5b7264c4515acb8eb9c2f8" logic_hash = "9472727d75e34d8bf87c56b74a6dfc04052e621b5fe31732ea9a10c76a05e0c0" score = 80 
@@ -345416,8 +345918,8 @@ rule SIGNATURE_BASE_MAL_EXE_Prestigeransomware : FILE date = "2023-01-04" modified = "2023-01-06" reference = "https://www.microsoft.com/en-us/security/blog/2022/10/14/new-prestige-ransomware-impacts-organizations-in-ukraine-and-poland/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_100days_of_yara_2023.yar#L171-L195" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_100days_of_yara_2023.yar#L171-L195" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5fc44c7342b84f50f24758e39c8848b2f0991e8817ef5465844f5f2ff6085a57" logic_hash = "2f51ca71d28c8d0df8de22011e16919672d5f9d3f3d94594c5d0cbf7f1585a1e" score = 80 @@ -345446,8 +345948,8 @@ rule SIGNATURE_BASE_MAL_EXE_Royalransomware : FILE date = "2023-01-03" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_100days_of_yara_2023.yar#L197-L222" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_100days_of_yara_2023.yar#L197-L222" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a8384c9e3689eb72fa737b570dbb53b2c3d103c62d46747a96e1e1becf14dfea" logic_hash = "6f93bade7709945b478cbdc721d85ad9243d56ace19fba25835cec13a6210dfb" score = 75 
@@ -345478,8 +345980,8 @@ rule SIGNATURE_BASE_MAL_PY_Dimorf date = "2023-01-03" modified = "2023-12-05" reference = "https://github.com/Ort0x36/Dimorf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_100days_of_yara_2023.yar#L224-L242" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_100days_of_yara_2023.yar#L224-L242" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7499b21f77d07364983b94134a60f7c99e71a5392386437d459a196bf71852fb" score = 75 quality = 85 @@ -345505,8 +346007,8 @@ rule SIGNATURE_BASE_ATM_Malware_Loup_1 : FILE date = "2020-08-17" modified = "2023-12-05" reference = "https://twitter.com/r3c0nst/status/1295275546780327936" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_atm_loup.yar#L3-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_atm_loup.yar#L3-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6c9e9f78963ab3e7acb43826906af22571250dc025f9e7116e0201b805dc1196" logic_hash = "5068c3f27cf821f512fb9a473d2bd45066d550f30fbc26f0cbebbe103e6f4ccb" score = 75 
@@ -345531,8 +346033,8 @@ rule SIGNATURE_BASE_Xtreme_Sep17_1 : FILE date = "2017-09-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xtreme_rat.yar#L14-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xtreme_rat.yar#L14-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fa78b43f729032291c27f67dc53bd39a85c9a50323c7adf909ca2a8c5acdd861" score = 75 quality = 85 @@ -345561,8 +346063,8 @@ rule SIGNATURE_BASE_Xtreme_Sep17_2 : FILE date = "2017-09-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xtreme_rat.yar#L39-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xtreme_rat.yar#L39-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cb86167e0267d52b1b7503abd8f5b988296e3cde12453ace529c4e043d2ca69e" score = 75 quality = 85 
@@ -345586,8 +346088,8 @@ rule SIGNATURE_BASE_Xtreme_Sep17_3 : FILE date = "2017-09-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xtreme_rat.yar#L55-L69" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xtreme_rat.yar#L55-L69" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c110863028ab1f557270e52de608179ce582a47e0a20994f83d385ed285bda9a" score = 75 quality = 85 @@ -345612,8 +346114,8 @@ rule SIGNATURE_BASE_Xtreme_RAT_Gen_Imp : FILE date = "2017-09-27" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xtreme_rat.yar#L71-L86" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xtreme_rat.yar#L71-L86" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9cfd6473e7f8d1f899fe2cdbb49a4086ea7ac6151602d0964ed28b16d2d0188d" score = 75 quality = 85 
@@ -345633,8 +346135,8 @@ rule SIGNATURE_BASE_Recon_Commands_Windows_Gen1 : FILE date = "2017-07-10" modified = "2023-12-05" reference = "https://goo.gl/MSJCxP" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_recon_indicators.yar#L12-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_recon_indicators.yar#L12-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "36beb09c428949140cb007c1022c385c9a1ae4eea8c1f1a419f96b36b8030c7c" score = 60 quality = 85 @@ -345678,8 +346180,8 @@ rule SIGNATURE_BASE_SUSP_Recon_Outputs_Jun20_1 : FILE date = "2020-06-04" modified = "2023-12-05" reference = "https://securelist.com/cycldek-bridging-the-air-gap/97157/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_recon_indicators.yar#L52-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_recon_indicators.yar#L52-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "652b28bfb45a11eaaee198c76560c1f55edc5b32c5394e606bb5426551260f24" score = 60 quality = 85 
@@ -345704,8 +346206,8 @@ rule SIGNATURE_BASE_Mimikatz_Memory_Rule_1 : APT date = "2014-12-22" modified = "2023-07-04" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimikatz.yar#L5-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimikatz.yar#L5-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "22064af570b8e0a93ca0d45484848eda3fbecfd27c88247ef0897fe53be4b7fc" score = 70 quality = 85 @@ -345734,8 +346236,8 @@ rule SIGNATURE_BASE_Mimikatz : FILE date = "2022-11-16" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimikatz.yar#L48-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimikatz.yar#L48-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bf972a2c0465c3bbdde6f03d91c6f479d0f66c6d3e9512355de5a973164b56a5" score = 75 quality = 85 
@@ -345762,8 +346264,8 @@ rule SIGNATURE_BASE_Wce date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimikatz.yar#L76-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimikatz.yar#L76-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a16db99dcaaf1b6c33a738aab4f4d3812366258bc2f6dd32250ee1b1a0616f1c" score = 75 quality = 85 @@ -345787,8 +346289,8 @@ rule SIGNATURE_BASE_Power_Pe_Injection date = "2023-12-05" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimikatz.yar#L91-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimikatz.yar#L91-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "64a7033d51e8933912f37ce68bffc216073a88cae1ea7492e71a812411ae6a9d" score = 75 quality = 85 
@@ -345809,8 +346311,8 @@ rule SIGNATURE_BASE_Mimikatz_Logfile date = "2015-03-31" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimikatz.yar#L103-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimikatz.yar#L103-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4591cda5bd5a555292087da26193accc4f00d7c0611be8d5ab6dd4dabb14a0ef" score = 80 quality = 85 @@ -345836,8 +346338,8 @@ rule SIGNATURE_BASE_Mimikatz_Strings : FILE date = "2016-06-08" modified = "2023-12-05" reference = "not set" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimikatz.yar#L121-L154" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimikatz.yar#L121-L154" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "baba1e159c0fb23f68b80459291a2d2c52e84f742f51ca30b894f7fc6282ad7a" score = 65 quality = 85 
@@ -345874,8 +346376,8 @@ rule SIGNATURE_BASE_Appinithook : FILE date = "2015-07-15" modified = "2023-12-05" reference = "https://goo.gl/Z292v6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimikatz.yar#L156-L176" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimikatz.yar#L156-L176" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e7563e4f2a7e5f04a3486db4cefffba173349911a3c6abd7ae616d3bf08cfd45" logic_hash = "a4de3a062e309715c339a45a16a7ff8f9a55851cb41097a6925fd11f649547d2" score = 70 @@ -345904,8 +346406,8 @@ rule SIGNATURE_BASE_HKTL_Mimikatz_Skeletonkey_In_Memory_Aug20_1 date = "2020-08-09" modified = "2023-12-05" reference = "https://twitter.com/sbousseaden/status/1292143504131600384?s=12" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimikatz.yar#L178-L190" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimikatz.yar#L178-L190" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0cc9a4d3b63e07a695df342bd2c96a55570502d6fd0ab9a1b61d63e28e1c3e05" score = 75 quality = 85 
@@ -345927,8 +346429,8 @@ rule SIGNATURE_BASE_HKTL_Mimikatz_Memssp_Hookfn date = "2020-08-26" modified = "2023-12-05" reference = "https://github.com/sbousseaden/YaraHunts/blob/master/mimikatz_memssp_hookfn.yara" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimikatz.yar#L192-L216" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimikatz.yar#L192-L216" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "27cf87f801111f17af76ab4c4f8329b73165f24f755d33edbb22d845bba6d3ff" score = 70 quality = 85 @@ -345960,8 +346462,8 @@ rule SIGNATURE_BASE_HKTL_Mimikatz_Icon : FILE date = "2023-02-18" modified = "2023-12-05" reference = "https://blog.gentilkiwi.com/mimikatz" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_mimikatz.yar#L218-L238" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_mimikatz.yar#L218-L238" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a07d477d1645e6df4f0706e44df11ea006c89e4d3218ed18a8a97b60853ff4ff" score = 60 quality = 85 
@@ -345989,8 +346491,8 @@ rule SIGNATURE_BASE_APT12_Malware_Aug17 : FILE date = "2017-08-30" modified = "2023-12-05" reference = "http://blog.macnica.net/blog/2017/08/post-fb81.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt12_malware.yar#L13-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt12_malware.yar#L13-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0766376689540680f8db699f64aa89fc32ddef619a74864eb816c598b8d08c8a" score = 75 quality = 85 @@ -346011,8 +346513,8 @@ rule SIGNATURE_BASE_APT_Fnv1A_Plus_Extra_XOR_In_MSIL_Experimental : FILE date = "2020-12-22" modified = "2023-12-05" reference = "https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_backdoor_sunburst_fnv1a_experimental.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_backdoor_sunburst_fnv1a_experimental.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6db212b21fec8d2c1b4cff9e32bdc027835ed660e7552b49f4418e7d0b35ca11" score = 50 quality = 85 
@@ -346038,8 +346540,8 @@ rule SIGNATURE_BASE_APT_HKTL_Wiper_Whispergate_Jan22_1 : FILE date = "2022-01-16" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ua_wiper_whispergate.yar#L2-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ua_wiper_whispergate.yar#L2-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "72eb50a70b3f2fbb232134ef4706dbb15bdb5893fe06d899bff3b7aacdfadd30" score = 85 quality = 85 @@ -346066,8 +346568,8 @@ rule SIGNATURE_BASE_APT_HKTL_Wiper_Whispergate_Jan22_2 : FILE date = "2022-01-16" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ua_wiper_whispergate.yar#L25-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ua_wiper_whispergate.yar#L25-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "87a03e95bc1c33d1b3343ec7369c516bb15791943fbb122de11867ad4bddd565" score = 90 quality = 85 
@@ -346102,8 +346604,8 @@ rule SIGNATURE_BASE_APT_HKTL_Wiper_Whispergate_Stage3_Jan22 : FILE date = "2022-01-16" modified = "2023-12-05" reference = "https://twitter.com/juanandres_gs/status/1482827018404257792" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ua_wiper_whispergate.yar#L59-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ua_wiper_whispergate.yar#L59-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b06536b6a6eebd5fb398ba2617bf68a5b2c4b0035766b3cd0fc03d95019891ec" score = 75 quality = 85 @@ -346126,8 +346628,8 @@ rule SIGNATURE_BASE_MAL_OBFUSC_Unknown_Jan22_1 : FILE date = "2022-01-16" modified = "2023-12-05" reference = "https://twitter.com/juanandres_gs/status/1482827018404257792" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ua_wiper_whispergate.yar#L76-L101" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ua_wiper_whispergate.yar#L76-L101" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "26a295d3b78c3a33d776a648aa0f410ac7cb5021ad9d3b294ff9629d6ba7132a" score = 75 quality = 85 
@@ -346159,8 +346661,8 @@ rule SIGNATURE_BASE_MAL_Unknown_Discord_Characteristics_Jan22_1 : FILE date = "2022-01-16" modified = "2023-12-05" reference = "https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ua_wiper_whispergate.yar#L103-L119" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ua_wiper_whispergate.yar#L103-L119" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f9cf4a15be0ab35a0d0f0c9b1a191f623f905c8fc9da651872de7c025a27a806" score = 75 quality = 85 @@ -346183,8 +346685,8 @@ rule SIGNATURE_BASE_EXPL_Exploit_TLB_Scripts : FILE date = "2021-01-26" modified = "2023-12-05" reference = "https://github.com/outflanknl/Presentations/blob/master/Nullcon2020_COM-promise_-_Attacking_Windows_development_environments.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_tlb_scripts.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_tlb_scripts.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "39bf626d60a867d054762043f74e86998d6848439655f84be72003c112db9953" score = 75 quality = 85 
@@ -346209,8 +346711,8 @@ rule SIGNATURE_BASE_HKTL_FRP_Apr20_1 date = "2020-04-07" modified = "2022-11-03" reference = "https://github.com/fatedier/frp" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_frp_proxy.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_frp_proxy.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "21f91fd99aed8b62d804504889c41ca77567fd345cf4ea0ef00161eefa9324a7" score = 70 quality = 85 @@ -346237,8 +346739,8 @@ rule SIGNATURE_BASE_HKTL_FRP_INI_Apr20_1 : FILE date = "2020-04-07" modified = "2023-12-05" reference = "Chinese Hacktools OpenDir" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_frp_proxy.yar#L24-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_frp_proxy.yar#L24-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "cc997dc876d7a49292b62a0fb4ff12b34dacacfd8a1b90226d6a9aee303cacdf" score = 60 quality = 85 
@@ -346265,8 +346767,8 @@ rule SIGNATURE_BASE_Gen_Python_Encoded_Adware : FILE date = "2018-03-07" modified = "2023-01-06" reference = "https://twitter.com/JohnLaTwC/status/949048002466914304" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_python_encoded_adware.yar#L1-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_python_encoded_adware.yar#L1-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5d7239be779367e69d2e63ffd9dc6e2a1f79c4e5c6c725e8c5e59a44c0ab2fff" logic_hash = "256b289cfe83384c02aacf9c7e790898ba34988c9be149b39e63791c319bfc4a" score = 75 @@ -346290,8 +346792,8 @@ rule SIGNATURE_BASE_TA17_318B_Volgmer : FILE date = "2017-11-15" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-318B" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_318B.yar#L9-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_318B.yar#L9-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2b3a7e501214767b7d79b33fb560b5611fa3726036a0c98d6f1904a55f306e40" score = 75 quality = 85 
@@ -346313,8 +346815,8 @@ rule SIGNATURE_BASE_Volgmer_Malware : FILE date = "2017-11-15" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/alerts/TA17-318B" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta17_318B.yar#L34-L71" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta17_318B.yar#L34-L71" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "898c2734c56a40aa4d24c1eac2dfb7dd1f98b0bdf7a11ab518eef282becb84b6" score = 75 quality = 85 @@ -346355,8 +346857,8 @@ rule SIGNATURE_BASE_APT_PY_Bluelight_Loader : INKYSQUID date = "2021-06-22" modified = "2023-12-05" reference = "https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_inkysquid.yar#L39-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_inkysquid.yar#L39-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e7e18a6d648b1383706439ba923335ac4396f6b5d2a3dc8f30f63ded7df29eda" score = 75 quality = 85 
@@ -346383,8 +346885,8 @@ rule SIGNATURE_BASE_APT_MAL_Win_Decrok : INKYSQUID date = "2021-06-23" modified = "2023-12-05" reference = "https://www.volexity.com/blog/2021/08/24/north-korean-bluelight-special-inkysquid-deploys-rokrat/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_inkysquid.yar#L61-L82" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_inkysquid.yar#L61-L82" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6a452d088d60113f623b852f33f8f9acf0d4197af29781f889613fed38f57855" logic_hash = "47fa03e95ac17ba7195858cd63b1769e5d56ab8a5edf872b345989b767050b87" score = 75 @@ -346410,8 +346912,8 @@ rule SIGNATURE_BASE_APT_NK_Scarcruft_RUBY_Shellcode_XOR_Routine : APT date = "2021-05-20" modified = "2023-12-05" reference = "https://medium.com/s2wlab/matryoshka-variant-of-rokrat-apt37-scarcruft-69774ea7bf48" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_inkysquid.yar#L104-L133" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_inkysquid.yar#L104-L133" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a97041a06729d639c22a4ee272cc96555345b692fc0da8b62e898891d02b23ea" score = 75 quality = 85 
@@ -346435,8 +346937,8 @@ rule SIGNATURE_BASE_APT_NK_Scarcruft_Evolved_ROKRAT : APT FILE date = "2021-07-09" modified = "2023-12-05" reference = "https://medium.com/s2wlab/matryoshka-variant-of-rokrat-apt37-scarcruft-69774ea7bf48" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_inkysquid.yar#L135-L179" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_inkysquid.yar#L135-L179" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "01a2f410687c943d6c6e421ffacfe42f9e7b6afb82e43ba03a8d525e075a3a3c" score = 75 quality = 85 @@ -346473,8 +346975,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_1 date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stuxnet.yar#L10-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stuxnet.yar#L10-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8caa6bddef3c05e572ef342513190832900dcb1a7a56589ed7df48b3c6992ed1" score = 75 quality = 85 
@@ -346499,8 +347001,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_2 : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stuxnet.yar#L43-L57" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stuxnet.yar#L43-L57" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ecf992f8fd38b1ab3e05bfe05f260bcaf617f168484477aa81acb9b517b9f3e7" score = 75 quality = 85 @@ -346524,8 +347026,8 @@ rule SIGNATURE_BASE_Stuxnet_Dll : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stuxnet.yar#L59-L72" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stuxnet.yar#L59-L72" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c192153c268fdd330d3b9e2eb0d8383bd50ce6d036409f0cc0c9273ba8201b3" score = 75 quality = 85 
@@ -346548,8 +347050,8 @@ rule SIGNATURE_BASE_Stuxnet_Shortcut_To : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stuxnet.yar#L74-L87" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stuxnet.yar#L74-L87" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a8119500d38bcfc60620265386f31899e586f62e1ceeeff365fd0018ab39c30e" score = 75 quality = 85 @@ -346572,8 +347074,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_3 : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stuxnet.yar#L89-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stuxnet.yar#L89-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d8c546fb74b419d46bab855fa07a55833ab0a23eb4081ce24a5d4ab0e4bf09dc" score = 75 quality = 85 
@@ -346603,8 +347105,8 @@ rule SIGNATURE_BASE_Stuxnet_Malware_4 : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stuxnet.yar#L112-L128" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stuxnet.yar#L112-L128" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a4ad77490d17cf897c4639f0b9f9473267886e99a94b4f506670207497117764" score = 75 quality = 85 @@ -346630,8 +347132,8 @@ rule SIGNATURE_BASE_Stuxnet_Maindll_Decrypted_Unpacked date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stuxnet.yar#L130-L150" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stuxnet.yar#L130-L150" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bec740cdb4c1748d0fb546691cf8feb38c0e61adad60c069c5866f5034cb7ed9" score = 75 quality = 85 
@@ -346661,8 +347163,8 @@ rule SIGNATURE_BASE_Stuxnet_S7Hkimdb : FILE date = "2016-07-09" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stuxnet.yar#L152-L188" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stuxnet.yar#L152-L188" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a44063b6a542eca17f46802e9f644540f1d6b6cb9777c20ef9ea14e44c341a1c" score = 75 quality = 85 @@ -346688,8 +347190,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Csharp date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L2-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L2-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e77fcd2ac0c21db54563b15466962a775a5e8ef73cedb3af5cd00d5b0d615e4c" score = 75 quality = 85 
@@ -346717,8 +347219,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Powershell_Dropper date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L24-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L24-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "19f56e69685ae8c13b9dd884f8322915835c16e2c6313f01f9fa447218419108" score = 75 quality = 85 @@ -346741,8 +347243,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Powershell_B64Encoded date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L40-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L40-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bcf9a75dbbf90044db76c56ffd07971d4252b0e75d73abf402ca4fadbfb59767" score = 75 quality = 85 
@@ -346763,8 +347265,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Py date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L54-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L54-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9b6eba750c96501aae1d86eef458d3e80de665efc7ce9d5aff842bc44363bad2" score = 75 quality = 85 @@ -346794,8 +347296,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Agent_Py_B64Encoded date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L77-L89" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L77-L89" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "279fb27637d9b62b484283f778215d042de9fb83110a233e048452e921c540ee" score = 75 quality = 85 
@@ -346816,8 +347318,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Keylogger_Py date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L91-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L91-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2dc2ce153d559d795f302f5ca4a9ef9e6e5c54762472e38e6f4a26ef8a28a184" score = 75 quality = 85 @@ -346842,8 +347344,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Keylogger_File date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L109-L121" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L109-L121" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6d2d677b69eaf31843e8352bfe040c9e5a8d423d17900e022b769d28789f2d98" score = 75 quality = 85 
@@ -346864,8 +347366,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Xserver_Csharp date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L123-L141" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L123-L141" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1201ee45df78cf3aec4b4bbb59cb7e4a70af6928895bb7c968ef02075a963405" score = 75 quality = 85 @@ -346892,8 +347394,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Xserver_Powershell_B64Encoded date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L143-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L143-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "77315f0fc8387fa87892fc8fcea1f6e8a95560049aaa9a87519859020d0a7a3e" score = 75 quality = 85 
@@ -346915,8 +347417,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Xserver_Powershell_Dropper date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L157-L168" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L157-L168" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "640c9e52f3cf3df4e954177624e6fba4bab80a2c9442b718fe90e8577dafbbd6" score = 75 quality = 85 @@ -346937,8 +347439,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Injector_Bin date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L170-L193" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L170-L193" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c8cd4e3c87c6d80b39069f7a94e512e3f7b739c21f6fd70c2a79829c5a04f32f" score = 75 quality = 85 
@@ -346970,8 +347472,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Timeliner_Bin date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L195-L213" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L195-L213" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c3a8cddc34134faaab93ee0df0086604e4a7b031530dd65e2e8dab705483305b" score = 75 quality = 85 @@ -346998,8 +347500,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Checkadmin_Bin date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L215-L232" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L215-L232" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "784ec960ce2733aebc404ee5c09bb852eb45553ad167db292d05b82feedbd5a6" score = 75 quality = 85 
@@ -347025,8 +347527,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Getos_Py date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L234-L295" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L234-L295" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2535c01b703c0fcba43e771832db8cd969e4a4b112ef28e4ddfeac6491ba604c" score = 75 quality = 85 @@ -347089,8 +347591,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Info_Vbs date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L297-L316" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L297-L316" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e37f8768c7920b8c3d9fdd6bb3a4e748c47a6c06a8aaed01655355ef3d8c3457" score = 75 quality = 85 
@@ -347118,8 +347620,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Console_Jsp date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L318-L335" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L318-L335" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e70c15ef10b63a011edbcedc773a8e2917fd915c3ecc273c3bf2b78eb10fc570" score = 75 quality = 85 @@ -347145,8 +347647,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Index_Jsp date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L337-L353" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L337-L353" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "870dad9fb5456f8edbd9f3c2d0b8764cf1143399626ce4df53c93919bcb1a0cb" score = 75 quality = 85 
@@ -347171,8 +347673,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Ver_Jsp date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L355-L372" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L355-L372" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ada6de4b07a76e79bb17793cda2b51f96554a35992a73f59c360487638ae3be3" score = 75 quality = 85 @@ -347198,8 +347700,8 @@ rule SIGNATURE_BASE_APT_MAL_CN_Wocao_Webshell_Webinfo date = "2023-12-05" modified = "2023-12-05" reference = "https://www.fox-it.com/en/news/whitepapers/operation-wocao-shining-a-light-on-one-of-chinas-hidden-hacking-groups/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_op_wocao.yar#L374-L394" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_op_wocao.yar#L374-L394" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "711737a56067f24f422cc7d5aeba4389741fe18a0e66f2715fce626c3b6aef19" score = 75 quality = 85 
@@ -347227,8 +347729,8 @@ rule SIGNATURE_BASE_PROMETHIUM_NEODYMIUM_Malware_1 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/8abDE6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_promethium_neodymium.yar#L10-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_promethium_neodymium.yar#L10-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "143e52eedc5c3be9bbf0f916b232de26e4ed5c7e81e3f77cae70e6af84d31de1" score = 75 quality = 85 @@ -347255,8 +347757,8 @@ rule SIGNATURE_BASE_PROMETHIUM_NEODYMIUM_Malware_2 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/8abDE6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_promethium_neodymium.yar#L29-L45" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_promethium_neodymium.yar#L29-L45" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2d97ee2698b6a09da7f8c6850583ec7493cc288368b98b20790dd8305521f894" score = 75 quality = 85 
@@ -347282,8 +347784,8 @@ rule SIGNATURE_BASE_PROMETHIUM_NEODYMIUM_Malware_3 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/8abDE6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_promethium_neodymium.yar#L47-L63" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_promethium_neodymium.yar#L47-L63" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "47595e07b59744f520cd9025bcec267384329b7687fd25842f5f7a8f4b360674" score = 75 quality = 85 @@ -347309,8 +347811,8 @@ rule SIGNATURE_BASE_PROMETHIUM_NEODYMIUM_Malware_4 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/8abDE6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_promethium_neodymium.yar#L65-L85" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_promethium_neodymium.yar#L65-L85" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0e8bb00133a94b29c482b9785048025a62e2706f3653c1915be7b702fbfe48d6" score = 75 quality = 85 
@@ -347340,8 +347842,8 @@ rule SIGNATURE_BASE_PROMETHIUM_NEODYMIUM_Malware_5 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/8abDE6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_promethium_neodymium.yar#L87-L105" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_promethium_neodymium.yar#L87-L105" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "69433fae4d51f7fd7b6f5b683f9c751d0f0352b8ed805a8177085e635eb26260" score = 75 quality = 85 @@ -347369,8 +347871,8 @@ rule SIGNATURE_BASE_PROMETHIUM_NEODYMIUM_Malware_6 : FILE date = "2016-12-14" modified = "2023-12-05" reference = "https://goo.gl/8abDE6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_promethium_neodymium.yar#L107-L125" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_promethium_neodymium.yar#L107-L125" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6cfccb863c3ea8f3f60520b0df03eee8e3b754699aa339fea21489d34e29f47b" score = 75 quality = 85 
@@ -347398,8 +347900,8 @@ rule SIGNATURE_BASE_APT_SAP_Netweaver_Exploitation_Activity_Apr25_1 : SCRIPT CVE date = "2025-04-25" modified = "2025-05-15" reference = "https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sap_netweaver_apr25.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sap_netweaver_apr25.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ab6c5e17bba15a3f968bdbe88a8cf4a039c55b6035d91fd3c6b30092be89af5c" score = 70 quality = 85 @@ -347421,8 +347923,8 @@ rule SIGNATURE_BASE_APT_SAP_Netweaver_Exploitation_Activity_Apr25_2 : SCRIPT CVE date = "2025-04-25" modified = "2025-05-15" reference = "https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sap_netweaver_apr25.yar#L16-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sap_netweaver_apr25.yar#L16-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dfc24a4f359e2bc899ab3924bd342c2c6bd8c757b7c1d3859a47f61b9e4039a9" score = 70 quality = 85 
@@ -347443,11 +347945,11 @@ rule SIGNATURE_BASE_SUSP_WEBSHELL_Cmd_Indicator_Apr25 date = "2025-04-25" modified = "2025-05-07" reference = "https://regex101.com/r/N6oZ2h/2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_sap_netweaver_apr25.yar#L29-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_sap_netweaver_apr25.yar#L29-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b992786a58389749db40fc90363f00c5df374d514374afc2d6fdff4429cb1ec0" score = 60 - quality = 60 + quality = 85 tags = "" strings: @@ -347465,8 +347967,8 @@ rule SIGNATURE_BASE_APT_Hiddencobra_Enc_PK_Header : HIDDEN_COBRA TYPEFRAME FILE date = "2018-04-12" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ar18_165a.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ar18_165a.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d0c8345b69e5f421fd93bc239031f2e51a120ae64be1eca0c1fdae2aa55ac42a" score = 75 quality = 85 
@@ -347493,8 +347995,8 @@ rule SIGNATURE_BASE_APT_Hiddencobra_Import_Obfuscation_2 : HIDDEN_COBRA TYPEFRAM date = "2018-04-12" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ar18_165a.yar#L21-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ar18_165a.yar#L21-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d52fc053afc6b3beb35a6dfd0f9b3714a5bad4e9b0dcfcce7be87d65f0a0c23e" score = 75 quality = 85 @@ -347524,8 +348026,8 @@ rule SIGNATURE_BASE_APT_NK_AR18_165A_Hiddencobra_Import_Deob : HIDDEN_COBRA TYPE date = "2018-04-12" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ar18_165a.yar#L43-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ar18_165a.yar#L43-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "ae769e62fef4a1709c12c9046301aa5d" hash = "e48fe20eblf5a5887f2ac631fed9ed63" logic_hash = "2eff83738ca4f2db8327c1ee2a9539d7ce882a315025a656d391c16079e432cb" 
@@ -347552,8 +348054,8 @@ rule SIGNATURE_BASE_APT_NK_AR18_165A_1 : FILE date = "2018-06-15" modified = "2023-12-05" reference = "https://www.us-cert.gov/ncas/analysis-reports/AR18-165A" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ar18_165a.yar#L62-L76" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ar18_165a.yar#L62-L76" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7b87c537c9ff38329a5e1e39d5ad1d6cef724c580f246721443eab603534b29d" score = 75 quality = 85 @@ -347577,11 +348079,11 @@ rule SIGNATURE_BASE_Chinachopper_Generic : FILE date = "2015-03-10" modified = "2022-10-27" reference = "https://www.fireeye.com/content/dam/legacy/resources/pdfs/fireeye-china-chopper-report.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_webshell_chinachopper.yar#L2-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_webshell_chinachopper.yar#L2-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "34cb81b077d6dae5b4565001b2ab28897c6c554f00aa102601fb9c416c6c0f09" score = 75 - quality = 60 + quality = 85 tags = "FILE" license = "Detection Rule License 1.1 https://github.com/Neo23x0/signature-base/blob/master/LICENSE" 
@@ -347603,8 +348105,8 @@ rule SIGNATURE_BASE_Malware_Floxif_Mpsvc_Dll : HIGHVOL FILE date = "2017-04-07" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_floxif.yar#L2-L17" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_floxif.yar#L2-L17" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e51258558dfd9a2c65589100a224492f4582067484c99d405b2d432a48cc6ed8" score = 75 quality = 85 @@ -347629,8 +348131,8 @@ rule SIGNATURE_BASE_Shamoon2_Wiper : FILE date = "2016-12-01" modified = "2023-12-05" reference = "https://goo.gl/jKIfGB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_shamoon2.yar#L10-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_shamoon2.yar#L10-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "245b03d9606f2e391f53a60aa333c6b037aa1f013794d83b761813d54782b885" score = 70 quality = 85 
@@ -347657,8 +348159,8 @@ rule SIGNATURE_BASE_Shamoon2_Comcomp : FILE date = "2016-12-01" modified = "2023-12-05" reference = "https://goo.gl/jKIfGB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_shamoon2.yar#L30-L48" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_shamoon2.yar#L30-L48" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "edebdbcf17bd9fadc67c7d76839cf569f0ea20127d4e0d216411c35e9ba54208" score = 70 quality = 85 @@ -347684,8 +348186,8 @@ rule SIGNATURE_BASE_Eldos_Rawdisk : FILE date = "2016-12-01" modified = "2023-01-27" reference = "https://goo.gl/jKIfGB" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_shamoon2.yar#L50-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_shamoon2.yar#L50-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ab09371b91ab6889f342c7992108ad374b5ecf67b6c2144a6282670f177d0f15" score = 50 quality = 85 
@@ -347717,8 +348219,8 @@ rule SIGNATURE_BASE_APT_IN_TA397_Wmrat : HUNTING date = "2024-11-20" modified = "2025-01-17" reference = "https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta397_dec24.yar#L2-L80" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta397_dec24.yar#L2-L80" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "3bf4bbd5564f4381820fb8da5810bd4d9718b5c80a7e8f055961007c6f30da2b" hash = "3e9a08972b8ec9c2e64eeb46ce1db92ae3c40bc8de48d278ba4d436fc3c8b3a4" hash = "40ddb4463be9d8131f363fd78e21d9de5d838a3ec4044526aea45a473d6ddd61" @@ -347802,8 +348304,8 @@ rule SIGNATURE_BASE_SUSP_RAR_NTFS_ADS : HUNTING FILE date = "2024-12-17" modified = "2025-01-17" reference = "https://www.proofpoint.com/us/blog/threat-insight/hidden-plain-sight-ta397s-new-attack-chain-delivers-espionage-rats" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_ta397_dec24.yar#L82-L110" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_ta397_dec24.yar#L82-L110" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "bcca4771e8f940ce8cfcff08284545fec6163df549e1fb589d89ca3fa335f04c" score = 70 quality = 83 
@@ -347839,8 +348341,8 @@ rule SIGNATURE_BASE_SUSP_SVG_JS_Payload_Mar25 : FILE date = "2025-03-20" modified = "2025-03-21" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_svg_js_phish_mar25.yar#L3-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_svg_js_phish_mar25.yar#L3-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "7b4b8e42d4df56412969cd1c38dcb750d21b10a54d257a9b918bd6ae0e0f8d11" hash = "4ae2ebc103f5de7ccfd75603b543d602b5c793e1ef7db19fbb60ff2e42611f75" hash = "b92e9d6f8a516e78b3e848c4b5b2815b406c9478e6be3777f3e784ceedc66f4a" @@ -347876,11 +348378,11 @@ rule SIGNATURE_BASE_MAL_PE_Type_Babyshark_Loader : FILE date = "2019-02-24" modified = "2023-12-05" reference = "https://unit42.paloaltonetworks.com/new-babyshark-malware-targets-u-s-national-security-think-tanks/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_babyshark.yar#L4-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_babyshark.yar#L4-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0ab9a30cb731922d965a9cf58094fea36d5c74b9989324efee603808591ea6a5" score = 75 - quality = 60 + quality = 85 tags = "FILE" hash1 = "6f76a8e16908ba2d576cf0e8cdb70114dcb70e0f7223be10aab3a728dc65c41c" 
@@ -347902,8 +348404,8 @@ rule SIGNATURE_BASE_APT_NK_Babyshark_Kimjoingrat_Apr19_1 : FILE date = "2019-04-27" modified = "2023-12-05" reference = "https://unit42.paloaltonetworks.com/babyshark-malware-part-two-attacks-continue-using-kimjongrat-and-pcrat/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_babyshark.yar#L29-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_babyshark.yar#L29-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3fec0f21e299e09ae9734f256edbbca81a53f860b42e99a78b07d344552f1062" score = 75 quality = 85 @@ -347932,8 +348434,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Conticrypter date = "2021-03-17" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_conti.yar#L2-L16" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_conti.yar#L2-L16" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "256fbd028a91da45049e2e861e16e97201f09cb92ab049eda373c80e6a796726" score = 75 quality = 85 
@@ -347958,8 +348460,8 @@ rule SIGNATURE_BASE_Connectwise_Screenconnect_Authentication_Bypass_Feb_2024_Exp date = "2024-02-20" modified = "2024-02-21" reference = "https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L3-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L3-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f6c7a3aa2ed98e754f9523c55eb035c7bc5f8aea96a6f86c729e9658d78710fb" score = 75 quality = 85 @@ -347983,8 +348485,8 @@ rule SIGNATURE_BASE_SUSP_Screenconnect_User_Poc_Com_Unused_Feb24 : FILE date = "2024-02-23" modified = "2024-04-24" reference = "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc/blob/45e5b2f699a4d8f2d59ec3fc79a2e3c99db71882/watchtowr-vs-ConnectWise_2024-02-21.py#L53" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L20-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L20-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2433ad11ca1d9f970eb3c536a13f07e808c2a0b8b0dd625dffbe4947268ab8f5" score = 65 quality = 85 
@@ -348008,8 +348510,8 @@ rule SIGNATURE_BASE_SUSP_Screenconnect_User_Poc_Com_Used_Feb24 : FILE date = "2024-02-23" modified = "2024-04-24" reference = "https://github.com/watchtowrlabs/connectwise-screenconnect_auth-bypass-add-user-poc/blob/45e5b2f699a4d8f2d59ec3fc79a2e3c99db71882/watchtowr-vs-ConnectWise_2024-02-21.py#L53" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L40-L60" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L40-L60" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "50967a07a9789f20ccbc882c3b9e3142f0c28068c0a58b9d8927d725d02bf289" score = 75 quality = 85 @@ -348033,8 +348535,8 @@ rule SIGNATURE_BASE_SUSP_Screenconnect_Exploitation_Artefacts_Feb24 : SCRIPT date = "2024-02-23" modified = "2024-04-24" reference = "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L62-L103" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L62-L103" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6f0d5f878847da1afb0d7b83e84bd337cfa67c36da2cbb33af712ed4ffad490a" score = 75 quality = 83 
@@ -348082,8 +348584,8 @@ rule SIGNATURE_BASE_SUSP_Command_Line_Combos_Feb24_2 : SCRIPT FILE date = "2024-02-23" modified = "2024-04-24" reference = "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L105-L118" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L105-L118" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0cd7b4771aa8fd622e873c5cdc6689d24394e5faf026b36d5f228ac09f4e0441" score = 75 quality = 85 @@ -348105,8 +348607,8 @@ rule SIGNATURE_BASE_SUSP_PS1_Combo_Transfersh_Feb24 : SCRIPT date = "2024-02-23" modified = "2024-04-24" reference = "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L120-L135" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L120-L135" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "64d4343ecdcbc4a28571557bec2f31c1ff73c2ecf63d0feaa0a71001bb9bf499" score = 70 quality = 85 
@@ -348130,8 +348632,8 @@ rule SIGNATURE_BASE_MAL_SUSP_RANSOM_Lockbit_Ransomnote_Feb24 date = "2024-02-23" modified = "2024-04-24" reference = "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L137-L149" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L137-L149" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1fe07c33de1971b1f9430851dec4b8cd9f3ac7f087f0de18a2da4a390891b674" score = 75 quality = 85 @@ -348152,8 +348654,8 @@ rule SIGNATURE_BASE_MAL_SUSP_RANSOM_Lazy_Ransomnote_Feb24 date = "2024-02-23" modified = "2024-04-24" reference = "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L151-L163" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L151-L163" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c9416d05f0bd9aab9d6108380c1b5364f4c4e112b6e0726202f083eaacfdcf56" score = 75 quality = 85 
@@ -348174,8 +348676,8 @@ rule SIGNATURE_BASE_SUSP_MAL_Signingcert_Feb24_1 : CVE_2024_1708 CVE_2024_1709 F date = "2024-02-23" modified = "2024-04-24" reference = "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L166-L184" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L166-L184" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "824efe1fa441322d891805df9a1637ebb44d18889572604acc125bf79a2d1083" score = 75 quality = 85 @@ -348201,8 +348703,8 @@ rule SIGNATURE_BASE_MAL_CS_Loader_Feb24_1 : CVE_2024_1708 CVE_2024_1709 FILE date = "2024-02-23" modified = "2024-04-24" reference = "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L186-L206" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L186-L206" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ae0e25c2dda1b727978977c674e834cd659661c597d88395a6f46ad5a179e9f0" score = 75 quality = 85 
@@ -348225,8 +348727,8 @@ rule SIGNATURE_BASE_MAL_RANSOM_Lockbit_Indicators_Feb24 : CVE_2024_1708 CVE_2024 date = "2024-02-23" modified = "2024-04-24" reference = "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L208-L228" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L208-L228" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e4cd6b1a1bc57bf25c71f6bc228f45e4a996f9d9d391aeb3dda9c7d7857610bc" score = 75 quality = 85 @@ -348250,8 +348752,8 @@ rule SIGNATURE_BASE_MAL_MSI_Mpyutils_Feb24_1 : CVE_2024_1708 CVE_2024_1709 FILE date = "2024-02-23" modified = "2024-04-24" reference = "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L230-L247" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L230-L247" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ba20db486e5d3c29c9702e10628fb3c0e55e52bbec74e3a86ed6511a6475b82f" score = 70 quality = 85 
@@ -348275,8 +348777,8 @@ rule SIGNATURE_BASE_MAL_Beacon_Unknown_Feb24_1 : CVE_2024_1708 CVE_2024_1709 FIL date = "2024-02-23" modified = "2024-04-24" reference = "https://www.huntress.com/blog/slashandgrab-screen-connect-post-exploitation-in-the-wild-cve-2024-1709-cve-2024-1708" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L249-L268" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_connectwise_screenconnect_vuln_feb24.yar#L249-L268" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fd6ebc6676d677d6bc19398026eee7b7d2f9727ba7a3c79d1e970a6dc19548aa" score = 75 quality = 85 @@ -348302,8 +348804,8 @@ rule SIGNATURE_BASE_Coinminer_Strings : SCRIPT HIGHVOL FILE date = "2018-01-04" modified = "2021-10-26" reference = "https://minergate.com/faq/what-pool-address" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/pua_cryptocoin_miner.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/pua_cryptocoin_miner.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "2d63bf90560c83ab6c09e0c82b6a6449bca6e7e7d0945d3782c2fa9a726b2ca1" score = 60 quality = 85 
@@ -348327,8 +348829,8 @@ rule SIGNATURE_BASE_Coinhive_Javascript_Monerominer : HIGHVOL FILE date = "2018-01-04" modified = "2023-12-05" reference = "https://coinhive.com/documentation/miner" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/pua_cryptocoin_miner.yar#L20-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/pua_cryptocoin_miner.yar#L20-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4146b034a9785f1bb7c60db62db0e478d960f2ac9adb7c5b74b365186578ca47" score = 50 quality = 85 @@ -348350,8 +348852,8 @@ rule SIGNATURE_BASE_PUA_Cryptominer_Jan19_1 : FILE date = "2019-01-31" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/pua_cryptocoin_miner.yar#L35-L52" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/pua_cryptocoin_miner.yar#L35-L52" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7097d404e0317230a5f60fc66fbcb2a2a5315f8fd348a7e689aaf75c26684f9e" score = 80 quality = 85 
@@ -348377,8 +348879,8 @@ rule SIGNATURE_BASE_PUA_Crypto_Mining_Commandline_Indicators_Oct21 : SCRIPT FILE date = "2021-10-24" modified = "2023-12-05" reference = "https://www.poolwatch.io/coin/monero" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/pua_cryptocoin_miner.yar#L54-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/pua_cryptocoin_miner.yar#L54-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7ae1a77d8ff02ec539ce2b8be668530c3f509f0c408dfa7f2b749b0a4d6f45b7" score = 65 quality = 85 @@ -348413,8 +348915,8 @@ rule SIGNATURE_BASE_MAL_WIPER_Bibi_Oct23 : FILE date = "2023-11-01" modified = "2023-12-05" reference = "https://x.com/ESETresearch/status/1719437301900595444?s=20" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_bibi_wiper_oct23.yar#L24-L47" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_bibi_wiper_oct23.yar#L24-L47" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c22dc994005f91f81d0e8e5f8d400b12ecd28336866bc62b8527e104f6339372" score = 75 quality = 85 
@@ -348443,8 +348945,8 @@ rule SIGNATURE_BASE_Regin_APT_Kerneldriver_Generic_A : FILE date = "2014-11-23" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L14-L41" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L14-L41" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "1cc367dff184f2b458a2b7c0c88a44095714525ca6bb115d03e6331cf1f22116" score = 75 quality = 85 @@ -348479,8 +348981,8 @@ rule SIGNATURE_BASE_Regin_APT_Kerneldriver_Generic_B : FILE date = "2014-11-23" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L43-L94" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L43-L94" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c2dee4f94f9eefb1c11f6e86144c6bfafc0845768200f5a839ffe3dd5d38294d" score = 75 quality = 83 
@@ -348534,8 +349036,8 @@ rule SIGNATURE_BASE_Regin_APT_Kerneldriver_Generic_C : FILE date = "2014-11-23" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L96-L122" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L96-L122" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "9454eb8b45a720fbe517caa2221fb0ceedf561902d94cabe513e921cc52fe035" score = 75 quality = 85 @@ -348566,8 +349068,8 @@ rule SIGNATURE_BASE_Regin_Sig_Svcsstat : FILE date = "2014-11-26" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L126-L143" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L126-L143" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "5164edc1d54f10b7cb00a266a1b52c623ab005e2" logic_hash = "2b1fdc2cc8c0aedaf749ee0e87a8853b91735a4e215c65df221a930d4b1d02f7" score = 75 
@@ -348595,8 +349097,8 @@ rule SIGNATURE_BASE_Regin_Sample_1 : FILE date = "2014-11-25" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L145-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L145-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "773d7fab06807b5b1bc2d74fa80343e83593caf2" logic_hash = "e8291b4a68924dccdd825ee2cc8930acb794e92e0302598872ec78eb0bf8504f" score = 70 @@ -348634,8 +349136,8 @@ rule SIGNATURE_BASE_Regin_Sample_2 : FILE date = "2014-11-26" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L176-L203" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L176-L203" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "a7b285d4b896b66fce0ebfcd15db53b3a74a0400" logic_hash = "a11d03d10661c1fc094450b250056196e5d8d16bd171eba9e37c7524aa2301d2" score = 75 
@@ -348673,8 +349175,8 @@ rule SIGNATURE_BASE_Regin_Sample_3 : FILE date = "2014-11-27" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L205-L230" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L205-L230" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fe1419e9dde6d479bd7cda27edd39fafdab2668d498931931a2769b370727129" logic_hash = "5a0f77f203765f7737c00c3df760ea7f3ed354559aad07f3053173ff09e1ce1a" score = 75 @@ -348709,8 +349211,8 @@ rule SIGNATURE_BASE_Regin_Sample_Set_2 : FILE date = "2014-11-26" modified = "2024-04-24" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L232-L264" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L232-L264" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "26125cea704532cbc22df46af228299ae810bce60938bee7b067ed273158d76f" score = 75 quality = 83 
@@ -348753,8 +349255,8 @@ rule SIGNATURE_BASE_Regin_Sample_Set_1 : FILE date = "2014-11-27" modified = "2023-01-06" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L266-L296" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L266-L296" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7402f409e7dd3180d8e6fe017af19d0a1d0dd86f85279191db1bc8f6c94951ac" score = 75 quality = 85 @@ -348793,8 +349295,8 @@ rule SIGNATURE_BASE_Apt_Regin_Legspin : FILE date = "2023-01-27" modified = "2024-04-24" reference = "https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L298-L319" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L298-L319" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "29105f46e4d33f66fee346cfd099d1cc" logic_hash = "1b026f475fdbb3c97f33895520844fa4944eb2fffc0883502a6cb79162bbd388" score = 75 
@@ -348825,8 +349327,8 @@ rule SIGNATURE_BASE_Apt_Regin_Hopscotch : FILE date = "2023-01-27" modified = "2024-04-24" reference = "https://securelist.com/blog/research/68438/an-analysis-of-regins-hopscotch-and-legspin/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L321-L342" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L321-L342" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "6c34031d7a5fc2b091b623981a8ae61c" logic_hash = "33b5fa61aaa802a60f3d42d59eb474222841a8a557b06b23a9e325e922e2cec1" score = 75 @@ -348856,8 +349358,8 @@ rule SIGNATURE_BASE_Regin_Related_Malware date = "2015-06-03" modified = "2024-04-24" reference = "VT Analysis" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/spy_regin_fiveeyes.yar#L344-L367" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/spy_regin_fiveeyes.yar#L344-L367" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "76c355bfeb859a347e38da89e3d30a6ff1f94229" logic_hash = "61ce7a69ab357740158e355455362a4f5fddc67ee60af120733f509e7407216f" score = 70 
@@ -348888,8 +349390,8 @@ rule SIGNATURE_BASE_MAL_Ransomware_Germanwiper : FILE date = "2019-08-05" modified = "2023-12-05" reference = "https://twitter.com/r3c0nst/status/1158326526766657538" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_ransom_germanwiper.yar#L1-L27" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_ransom_germanwiper.yar#L1-L27" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "dcb4f91006a893149a60e9708efb9de809f75c810bddfd2d90c8f6fffa0879ea" score = 75 quality = 85 @@ -348921,8 +349423,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Lnkfileoverrfc : FILE date = "2018-09-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_lnk_files.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_lnk_files.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "52ff949a17039c1fa5707ff503aa1a96b3925bdfef01867c9b59a8d72493a84e" score = 65 quality = 85 
@@ -348946,8 +349448,8 @@ rule SIGNATURE_BASE_SUSP_LNK_Suspiciouscommands : FILE date = "2018-09-18" modified = "2023-12-05" reference = "https://github.com/Neo23x0/signature-base" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_lnk_files.yar#L20-L51" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_lnk_files.yar#L20-L51" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "a0380927ebc89e46f9138e01f154113c5e23680cea9b117b47406003ea565c1e" score = 60 quality = 81 @@ -348987,8 +349489,8 @@ rule SIGNATURE_BASE_SUSP_DOC_LNK_In_ZIP : FILE date = "2019-07-02" modified = "2023-12-05" reference = "https://twitter.com/RedDrip7/status/1145877272945025029" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_susp_lnk_files.yar#L53-L66" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_susp_lnk_files.yar#L53-L66" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "ef4cdaad05af12f210aa6324a1e34a42843f814c59fb0085ac18370917ad4866" score = 50 quality = 85 
@@ -349010,8 +349512,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_1 : FILE date = "2019-10-02" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_trickbot.yar#L3-L22" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_trickbot.yar#L3-L22" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fef15c0bda6dc2b28f34791da3ca68a03f7368b63ead17e631a2d4f05d1b40e2" score = 75 quality = 85 @@ -349039,8 +349541,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_2 : FILE date = "2019-10-02" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_trickbot.yar#L24-L38" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_trickbot.yar#L24-L38" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "185e59c156218b418bec0c94144b19639c17e3a9595d993e3761eae15379f9fb" score = 75 quality = 85 
@@ -349065,8 +349567,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_3 : FILE date = "2019-10-02" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_trickbot.yar#L40-L56" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_trickbot.yar#L40-L56" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "87860212077b63bf3e4835a3a64b934fc7edd3258355a3e94a69acaba39c2516" score = 75 quality = 85 @@ -349092,8 +349594,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_4 : FILE date = "2019-10-02" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_trickbot.yar#L58-L77" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_trickbot.yar#L58-L77" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "c109510d86260b4173bbbac5fe69936acb109e7fdbe71fbe2955e5ed85f5cd85" score = 75 quality = 85 
@@ -349122,8 +349624,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_5 : FILE date = "2019-10-02" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_trickbot.yar#L79-L96" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_trickbot.yar#L79-L96" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e304b236dd58faa0e6fdd73bc93c24f6ff0ec6c1f9a54b104f8e87441834e22b" score = 75 quality = 85 @@ -349150,8 +349652,8 @@ rule SIGNATURE_BASE_MAL_Trickbot_Oct19_6 : FILE date = "2019-10-02" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_trickbot.yar#L98-L115" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_trickbot.yar#L98-L115" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "599b1f56483f4ea267595b90dd4ef93b7e2147e4a0d8449cdd9d2539a96c3f79" score = 75 quality = 85 
@@ -349177,8 +349679,8 @@ rule SIGNATURE_BASE_EXT_NK_GOLDBACKDOOR_Inital_Shellcode date = "2022-04-21" modified = "2023-12-05" reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_goldbackdoor.yar#L2-L20" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_goldbackdoor.yar#L2-L20" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4df97181037a580098dbe34d3b6ceab5c7b83932f1831c36ee99876a8f1524f9" score = 80 quality = 85 @@ -349204,8 +349706,8 @@ rule SIGNATURE_BASE_EXT_NK_GOLDBACKDOOR_Injected_Shellcode date = "2022-04-21" modified = "2023-12-05" reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_goldbackdoor.yar#L22-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_goldbackdoor.yar#L22-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b45f408c0f342591e66ef0dfcfc1c09f8558c5e8f4bd7f824b30f00d531c7511" score = 80 quality = 85 
@@ -349234,8 +349736,8 @@ rule SIGNATURE_BASE_EXT_NK_GOLDBACKDOOR_Generic_Shellcode date = "2022-04-21" modified = "2023-12-05" reference = "https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_nk_goldbackdoor.yar#L44-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_nk_goldbackdoor.yar#L44-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "e046a70b1dee020ba73d960a9d91daaccd0b5c262965c8647f608c5c83a28257" score = 75 quality = 85 @@ -349258,8 +349760,8 @@ rule SIGNATURE_BASE_Credentialstealer_Generic_Backdoor : FILE date = "2017-06-07" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/crime_credstealer_generic.yar#L2-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/crime_credstealer_generic.yar#L2-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "aa06291a91ac84f80cd2cbe5a01c2cbcc14cf6914da9d1234af9b3d833990551" score = 75 quality = 85 
@@ -349291,8 +349793,8 @@ rule SIGNATURE_BASE_Gen_Excel_Auto_Open_Evasion : FILE date = "2020-09-24" modified = "2023-12-05" reference = "https://malware.pizza/2020/05/12/evading-av-with-excel-macros-and-biff8-xls/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_excel_auto_open_evasion.yar#L1-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_excel_auto_open_evasion.yar#L1-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e23f9f55e10f3f31a2e76a12b174b6741a2fa1f51cf23dbd69cf169d92c56ed5" logic_hash = "d7d81683b9abd7b89d6d6ee4d14ff37359acd353a6bd1d88bc793525c8f203d9" score = 70 @@ -349320,8 +349822,8 @@ rule SIGNATURE_BASE_APT_MAL_CISA_10365227_03_Clientuploader_Dec21 : FILE date = "2021-12-23" modified = "2021-12-24" reference = "https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stealer_cisa_ar22_277a.yar#L4-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stealer_cisa_ar22_277a.yar#L4-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "76f552b2416ae2426b73a321485f34a611c2a3c1ca35791bc9f1834072dc28be" score = 80 quality = 85 
@@ -349348,8 +349850,8 @@ rule SIGNATURE_BASE_APT_MAL_CISA_10365227_01_APPSTORAGE_Dec21 : APPSTORAGE FILE date = "2021-12-23" modified = "2021-12-24" reference = "https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stealer_cisa_ar22_277a.yar#L25-L46" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stealer_cisa_ar22_277a.yar#L25-L46" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6a46bc4efa1f22d9fc65d946dbaa7b94de6074e65c228373bb6001f152d5b603" score = 80 quality = 85 @@ -349378,8 +349880,8 @@ rule SIGNATURE_BASE_APT_MAL_CISA_10365227_02_Clientuploader_Dec21 : FILE date = "2021-12-23" modified = "2021-12-24" reference = "https://www.cisa.gov/uscert/ncas/analysis-reports/ar22-277a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_stealer_cisa_ar22_277a.yar#L48-L67" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_stealer_cisa_ar22_277a.yar#L48-L67" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "f9f82b4577568d0bd60bac0d3132ed7ffcb338f508a8689f3126f3d2440432ef" score = 80 quality = 81 
@@ -349406,8 +349908,8 @@ rule SIGNATURE_BASE_HKTL_NFS_Fuse_NFS date = "2024-10-22" modified = "2025-03-20" reference = "https://github.com/hvs-consulting/nfs-security-tooling" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/hktl_HvS_nfs_security_tooling.yar#L1-L24" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/hktl_HvS_nfs_security_tooling.yar#L1-L24" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0bd3714b865d77660404e5f3ed1e9c7b55aadc6f58d16761111be57597784686" score = 75 quality = 85 @@ -349436,8 +349938,8 @@ rule SIGNATURE_BASE_HKTL_NFS_NFS_Analyze date = "2024-10-22" modified = "2025-03-20" reference = "https://github.com/hvs-consulting/nfs-security-tooling" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/hktl_HvS_nfs_security_tooling.yar#L26-L53" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/hktl_HvS_nfs_security_tooling.yar#L26-L53" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "83a9e5b5b404bf28b0334611fe4f38227212783cecea3c9996d23cb00cad42ed" score = 75 quality = 85 
@@ -349470,8 +349972,8 @@ rule SIGNATURE_BASE_Casper_Backdoor_X86 : FILE date = "2015-03-05" modified = "2023-01-27" reference = "http://goo.gl/VRJNLo" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_casper.yar#L4-L35" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_casper.yar#L4-L35" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "f4c39eddef1c7d99283c7303c1835e99d8e498b0" logic_hash = "027457a3d86c0a7924fd6eb09c4a753cc846ba45f0b04257d9eec396bbc27f75" score = 80 @@ -349506,8 +350008,8 @@ rule SIGNATURE_BASE_Casper_EXE_Dropper date = "2015-03-05" modified = "2023-12-05" reference = "http://goo.gl/VRJNLo" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_casper.yar#L37-L58" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_casper.yar#L37-L58" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "e4cc35792a48123e71a2c7b6aa904006343a157a" logic_hash = "8ffba5598078fdadf2d9e8ee7fe0fef8b3b89517490a379d46cab33cd0036d6e" score = 80 
@@ -349537,8 +350039,8 @@ rule SIGNATURE_BASE_Casper_Included_Strings : FILE date = "2015-03-06" modified = "2023-12-05" reference = "http://goo.gl/VRJNLo" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_casper.yar#L60-L83" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_casper.yar#L60-L83" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8796f45e459747db6bc08f362db7b152242f9f5bda3b72ddfc739cc9dcdfc55f" score = 50 quality = 85 @@ -349568,8 +350070,8 @@ rule SIGNATURE_BASE_Casper_Systeminformation_Output date = "2015-03-06" modified = "2023-12-05" reference = "http://goo.gl/VRJNLo" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_casper.yar#L85-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_casper.yar#L85-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "83c6216bc3e7fadfe81b9bbaca7b14e3398e972f8298c99a8eb576a40e4b4e1b" score = 70 quality = 85 
@@ -349598,8 +350100,8 @@ rule SIGNATURE_BASE_Gen_Excel_Xll_Addin_Suspicious : FILE date = "2020-10-16" modified = "2023-12-05" reference = "https://gist.github.com/ryhanson/227229866af52e2d963cf941af135a52" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_excel_xll_addin_suspicious.yar#L3-L64" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_excel_xll_addin_suspicious.yar#L3-L64" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "d8c3f00ef05b0b84e4c4d655d01eab6f6e67714619695fd1433726e5a940e530" score = 65 quality = 85 @@ -349636,8 +350138,8 @@ rule SIGNATURE_BASE_Mal_Lockbit4_Packed_Feb24 : FILE date = "2024-02-16" modified = "2025-03-20" reference = "https://0x0d4y.blog/lockbit4-0-evasion-tales/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/mal_lockbit4_packed_win_feb24.yar#L1-L25" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_lockbit4_packed_win_feb24.yar#L1-L25" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "15796971d60f9d71ad162060f0f76a02" logic_hash = "07281fd86efbb7167ba1cc0c6f6897418751df1a3697869e51f806c26641e365" score = 100 
@@ -349667,8 +350169,8 @@ rule SIGNATURE_BASE_SUSP_EXPL_POC_Vmware_Workspace_ONE_CVE_2022_22954_Apr22_1 : modified = "2025-03-29" old_rule_name = "EXPL_POC_VMWare_Workspace_ONE_CVE_2022_22954_Apr22" reference = "https://twitter.com/rwincey/status/1512241638994853891/photo/1" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L2-L33" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L2-L33" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "20c1d55e29b777cca3cb8e92fbe45e23e6bbf972167dee8b0a012d9ff12f3841" score = 60 quality = 85 @@ -349704,8 +350206,8 @@ rule SIGNATURE_BASE_LOG_SUSP_EXPL_POC_Vmware_Workspace_ONE_CVE_2022_22954_Apr22_ modified = "2025-03-29" old_rule_name = "EXPL_POC_VMWare_Workspace_ONE_CVE_2022_22954_Apr22" reference = "https://twitter.com/rwincey/status/1512241638994853891/photo/1" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L36-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2022_22954_vmware_workspace_one.yar#L36-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3c383f197da1e043e632c4d4de03fa7ff42e3fb6fa7824f326874446bcd13588" score = 60 quality = 85 
@@ -349728,8 +350230,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Notable_Strings : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_cyclops_blink.yar#L6-L37" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_cyclops_blink.yar#L6-L37" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "fdd3a1de9d178370fcc66dbca4628d7bedfbc002bca9e463e11cb444302900ea" score = 75 quality = 85 @@ -349763,8 +350265,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Module_Initialisation : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_cyclops_blink.yar#L39-L55" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_cyclops_blink.yar#L39-L55" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8bde37f642cf07e323beabaacd5c62f8422b451777fc1fc4a6bdf474db49de12" score = 75 quality = 85 
@@ -349788,8 +350290,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Modified_Install_Upgrade : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_cyclops_blink.yar#L57-L88" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_cyclops_blink.yar#L57-L88" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "69b89dbaf3e2661f376ff1be7c19e96c82bf84fd572fea422c109f8afdd1e5aa" score = 75 quality = 85 @@ -349822,8 +350324,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Core_Command_Check : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_cyclops_blink.yar#L90-L104" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_cyclops_blink.yar#L90-L104" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "71c9da1f0e9e64be87293c985f2a4a59a6c87ffd127ce5104ebe95a0ccb316af" score = 50 quality = 85 
@@ -349846,8 +350348,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Config_Identifiers : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_cyclops_blink.yar#L106-L126" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_cyclops_blink.yar#L106-L126" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6fa39442d717a69dd6f31a4bb2e5865c3f16156ce24a2b419d95ed751bb0d8ee" score = 75 quality = 85 @@ -349872,8 +350374,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Handle_Mod_0Xf_Command : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_cyclops_blink.yar#L128-L150" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_cyclops_blink.yar#L128-L150" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "6e3eebe404c8cd24e1e16eb3c881b1eda78ba6b365bf89c2557329e6f89396ac" score = 75 quality = 85 
@@ -349900,8 +350402,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Default_Config_Values : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_cyclops_blink.yar#L152-L174" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_cyclops_blink.yar#L152-L174" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "180993057c110c0c0327b673c6d6e251534012de51cf6475838691e0942a1aa8" score = 75 quality = 85 @@ -349928,8 +350430,8 @@ rule SIGNATURE_BASE_APT_Sandworm_Cyclopsblink_Handle_Mod_0X51_Command : FILE date = "2022-02-23" modified = "2023-12-05" reference = "https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_sandworm_cyclops_blink.yar#L176-L200" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_sandworm_cyclops_blink.yar#L176-L200" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8a68f4a5f5b7a45819e9a198881aa41b75a65181b63788c8b824b339bfd6fc67" score = 75 quality = 85 
@@ -349959,8 +350461,8 @@ rule SIGNATURE_BASE_Pupy_Backdoor : FILE date = "2017-08-11" modified = "2023-12-05" reference = "https://github.com/n1nj4sec/pupy-binaries" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_pupy_rat.yar#L13-L44" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_pupy_rat.yar#L13-L44" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0b12376c9cddc71f584314b07fb29fac189349b526c6d5028f475fa3984401ae" score = 75 quality = 85 @@ -349998,8 +350500,8 @@ rule SIGNATURE_BASE_APT17_Malware_Oct17_1 : FILE date = "2017-10-03" modified = "2023-12-05" reference = "https://goo.gl/puVc9q" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt17_mal_sep17.yar#L13-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt17_mal_sep17.yar#L13-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0c4391b47df0c40dbd605515992e5eaa758d0e509e9ad24b517d104b8e7d504c" score = 75 quality = 85 
@@ -350026,8 +350528,8 @@ rule SIGNATURE_BASE_APT17_Malware_Oct17_2 : FILE date = "2017-10-03" modified = "2023-12-05" reference = "https://goo.gl/puVc9q" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt17_mal_sep17.yar#L31-L59" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt17_mal_sep17.yar#L31-L59" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "378a21edeaf36267986bd5158fe736b0970b0b9f0ad824f09dc6434a9ba1d7e2" score = 75 quality = 85 @@ -350061,8 +350563,8 @@ rule SIGNATURE_BASE_APT17_Unsigned_Symantec_Binary_EFA : FILE date = "2017-10-03" modified = "2023-12-05" reference = "https://goo.gl/puVc9q" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt17_mal_sep17.yar#L61-L75" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt17_mal_sep17.yar#L61-L75" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "7306c8ae2be4dbf56957e11d78ba85bcfa1c8570ba41f749ea5b0e2a05e9df7b" score = 75 quality = 85 
@@ -350087,8 +350589,8 @@ rule SIGNATURE_BASE_APT17_Malware_Oct17_Gen : FILE date = "2017-10-03" modified = "2023-12-05" reference = "https://goo.gl/puVc9q" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_apt17_mal_sep17.yar#L77-L107" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_apt17_mal_sep17.yar#L77-L107" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3e0e4a989a907f5f1aaac4ba43611dd0d2e4b4fd340234f04b3fce25843f9dc6" score = 75 quality = 85 @@ -350122,8 +350624,8 @@ rule SIGNATURE_BASE_Whosthere_Alt : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_passthehashtoolkit.yar#L10-L31" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_passthehashtoolkit.yar#L10-L31" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "9b4c3691872ca5adf6d312b04190c6e14dd9cbe10e94c0dd3ee874f82db897de" logic_hash = "ef7bccb8f63034b885cfaec27663c9b038cd9b1811b4f25a9eae28640dac248b" score = 80 
@@ -350153,8 +350655,8 @@ rule SIGNATURE_BASE_Iam_Alt_Iam_Alt : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_passthehashtoolkit.yar#L33-L54" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_passthehashtoolkit.yar#L33-L54" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "2ea662ef58142d9e340553ce50d95c1b7a405672acdfd476403a565bdd0cfb90" logic_hash = "acd4dae57e8394d4ce2f3dfb44706ea35c3d684ab34fd0c707b6aeedd816280a" score = 80 @@ -350184,8 +350686,8 @@ rule SIGNATURE_BASE_Genhash_Genhash : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_passthehashtoolkit.yar#L56-L74" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_passthehashtoolkit.yar#L56-L74" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "113df11063f8634f0d2a28e0b0e3c2b1f952ef95bad217fd46abff189be5373f" logic_hash = "fe1ebe7ea94351610e0042eab020d155cbab26d790477909467c9b5a827fb6d6" score = 80 
@@ -350212,8 +350714,8 @@ rule SIGNATURE_BASE_Iam_Iamdll : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_passthehashtoolkit.yar#L76-L92" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_passthehashtoolkit.yar#L76-L92" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "892de92f71941f7b9e550de00a57767beb7abe1171562e29428b84988cee6602" logic_hash = "ef7c66d2e1204a43921b6701812ea8a7bfa8e39e24d9396c95b725a4a4171010" score = 80 @@ -350238,8 +350740,8 @@ rule SIGNATURE_BASE_Iam_Iam : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_passthehashtoolkit.yar#L94-L114" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_passthehashtoolkit.yar#L94-L114" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "8a8fcce649259f1b670bb1d996f0d06f6649baa8eed60db79b2c16ad22d14231" logic_hash = "f170f6f71b81a674a269ddd441c77a43afbbfe2870e1d0c4101abd2e58bff0b0" score = 80 
@@ -350268,8 +350770,8 @@ rule SIGNATURE_BASE_Whosthere_Alt_Pth : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_passthehashtoolkit.yar#L116-L134" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_passthehashtoolkit.yar#L116-L134" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "fbfc8e1bc69348721f06e96ff76ae92f3551f33ed3868808efdb670430ae8bd0" logic_hash = "137b0dae105f97b5d4352d16e52144e72306e61be57c5d93df77ad3f5808018e" score = 80 @@ -350296,8 +350798,8 @@ rule SIGNATURE_BASE_Whosthere : FILE date = "2015-07-10" modified = "2023-12-05" reference = "http://www.coresecurity.com/corelabs-research/open-source-tools/pass-hash-toolkit" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_passthehashtoolkit.yar#L136-L155" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_passthehashtoolkit.yar#L136-L155" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "d7a82204d3e511cf5af58eabdd6e9757c5dd243f9aca3999dc0e5d1603b1fa37" logic_hash = "a13c8a1fc66381b040d6449fe9655191d7a1762da0dc70789cd497fb68fb2a55" score = 80 
@@ -350325,8 +350827,8 @@ rule SIGNATURE_BASE_Crimsonrat_Mar18_1 : FILE date = "2018-03-06" modified = "2023-12-05" reference = "Internal Research" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_crimson_rat.yar#L11-L42" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_crimson_rat.yar#L11-L42" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "59b01a98a70c4bac08d396418fac24eb96e461a45502f63edc2a9aa87e05f960" score = 75 quality = 85 @@ -350364,11 +350866,11 @@ rule SIGNATURE_BASE_EXPL_CVE_2021_31166_Accept_Encoding_May21_1 : CVE_2021_31166 date = "2021-05-21" modified = "2023-12-05" reference = "https://github.com/0vercl0k/CVE-2021-31166" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2021_31166.yar#L2-L14" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2021_31166.yar#L2-L14" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "5bb5b4093a7abe9d4297a4c047803b92f7c08f56f15b0f7bd163203ae47e026d" score = 70 - quality = 60 + quality = 85 tags = "CVE-2021-31166" strings: 
@@ -350386,8 +350888,8 @@ rule SIGNATURE_BASE_CVE_2014_4076_Exploitcode : CVE_2014_4076 FILE date = "2018-04-04" modified = "2023-12-05" reference = "https://github.com/Neo23x0/yarGen" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/exploit_cve_2014_4076.yar#L2-L18" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/exploit_cve_2014_4076.yar#L2-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "96b8743de8b3968d64b74af93f5e61574a3b31d33df6d51e944b4f02c7b9723e" score = 75 quality = 85 @@ -350414,11 +350916,11 @@ rule SIGNATURE_BASE_SUSP_Macos_Plist_Suspicious : FILE modified = "2025-06-03" old_rule_name = "gen_malware_MacOS_plist_suspicious" reference = "https://objective-see.com/blog/blog_0x3A.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_malware_MacOS_plist_suspicious.yar#L1-L73" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_malware_MacOS_plist_suspicious.yar#L1-L73" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "52076ec107b5bcbbe35265dfc4034a6a25a453459d22392848980b22115f68bc" score = 60 - quality = 58 + quality = 83 tags = "FILE" hash1 = "0541fc6a11f4226d52ae3d4158deb8f50ed61b25bb5f889d446102e1ee57b76d" hash2 = "6cc6abec7d203f99c43ce16630edc39451428d280b02739757f17fd01fc7dca3" 
@@ -350474,8 +350976,8 @@ rule SIGNATURE_BASE_SUSP_Two_Byte_XOR_PE_And_MZ : FILE date = "2021-10-11" modified = "2023-12-05" reference = "https://gist.github.com/wxsBSD/bf7b88b27e9f879016b5ce2c778d3e83" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xored_pe.yar#L2-L13" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xored_pe.yar#L2-L13" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "8a43ff9ec966df72ef35fb9ba9bbbd6f8b0f3761669bb91dc5919645d6327174" score = 70 quality = 85 @@ -350493,8 +350995,8 @@ rule SIGNATURE_BASE_SUSP_Four_Byte_XOR_PE_And_MZ : FILE date = "2021-10-11" modified = "2023-12-05" reference = "https://gist.github.com/wxsBSD/bf7b88b27e9f879016b5ce2c778d3e83" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_xored_pe.yar#L15-L28" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_xored_pe.yar#L15-L28" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "28230cd3c1d1da97a98df09243593eb59b57f376f651d5f22c3ea5903f0f73e4" score = 70 quality = 85 
@@ -350512,8 +351014,8 @@ rule SIGNATURE_BASE_WEBSHELL_ASPX_Xsltransform_Aug21 : FILE date = "2020-02-23" modified = "2023-12-05" reference = "https://gist.github.com/JohnHammond/cdae03ca5bc2a14a735ad0334dcb93d6" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/webshell_xsl_transform.yar#L1-L19" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/webshell_xsl_transform.yar#L1-L19" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "3ac0b50adc4c56769d0248e213e9426a22e0f5086bf081da57f835ff1c77b716" score = 75 quality = 85 @@ -350539,8 +351041,8 @@ rule SIGNATURE_BASE_Gen_Exploit_CVE_2017_10271_Weblogic : HIGHVOL CVE_2017_10271 date = "2018-03-21" modified = "2023-12-05" reference = "https://github.com/c0mmand3rOpSec/CVE-2017-10271, https://www.fireeye.com/blog/threat-research/2018/02/cve-2017-10271-used-to-deliver-cryptominers.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_exploit_cve_2017_10271_weblogic.yar#L1-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_exploit_cve_2017_10271_weblogic.yar#L1-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "01e4f7b1c9c068f3953fa58749a14ea148d2b038c7266da789e0998eae83e1a7" score = 75 quality = 85 
@@ -350571,8 +351073,8 @@ rule SIGNATURE_BASE_Hvs_APT37_Smb_Scanner : FILE date = "2020-12-15" modified = "2023-12-05" reference = "https://www.hybrid-analysis.com/sample/d16163526242508d6961f061aaffe3ae5321bd64d8ceb6b2788f1570757595fc?environmentId=2" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_dec20.yar#L2-L29" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_dec20.yar#L2-L29" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "0bea71db7052f1c22c01cfbf710d4ed24651cbbd8b0fd29f09dfd49c4e314028" score = 75 quality = 85 @@ -350608,8 +351110,8 @@ rule SIGNATURE_BASE_Hvs_APT37_Cred_Tool : FILE date = "2020-12-15" modified = "2023-12-05" reference = "https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_dec20.yar#L31-L50" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_dec20.yar#L31-L50" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "4fb7247b88f2d252e7c9d5034c209945bc9e17f49de3dcdb5bf50b5afb302987" score = 75 quality = 85 
@@ -350639,8 +351141,8 @@ rule SIGNATURE_BASE_Hvs_APT37_RAT_Loader date = "2020-12-15" modified = "2023-12-05" reference = "https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_dec20.yar#L52-L65" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_dec20.yar#L52-L65" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b70e66d387e42f5f04b69b9eb15306036702ab8a50b16f5403289b5388292db9" logic_hash = "241f2683adc29e8aca30ae24278f3703fef0fed6b276dae488fdb32c167af1c9" score = 75 @@ -350660,8 +351162,8 @@ rule SIGNATURE_BASE_Hvs_APT37_Webshell_Img_Thumbs_Asp : FILE date = "2020-12-15" modified = "2023-12-05" reference = "https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_dec20.yar#L68-L95" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_dec20.yar#L68-L95" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "94d2448d3794ae3f29678a7337473d259b5cfd1c7f703fe53ee6c84dd10a48ef" logic_hash = "58ccee11c08330c8cd4148e623a2e59e024d6d5f3067331dbdd962d0f6a8daa4" score = 75 
@@ -350696,8 +351198,8 @@ rule SIGNATURE_BASE_Hvs_APT37_Webshell_Template_Query_Asp : FILE date = "2020-12-15" modified = "2023-12-05" reference = "https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_dec20.yar#L97-L120" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_dec20.yar#L97-L120" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "961a66d01c86fa5982e0538215b17fb9fae2991331dfea812b8c031e2ceb0d90" logic_hash = "d8bd017e9103bddb0b8a86effa8a4b0617b54bd643bcc36b6f678a3e60f8559f" score = 75 @@ -350728,8 +351230,8 @@ rule SIGNATURE_BASE_Hvs_APT37_Webshell_Controllers_Asp : FILE date = "2020-12-15" modified = "2023-12-05" reference = "https://www.hvs-consulting.de/media/downloads/ThreatReport-Lazarus.pdf" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/apt_lazarus_dec20.yar#L140-L218" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/apt_lazarus_dec20.yar#L140-L218" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "829462fc6d84aae04a962dfc919d0a392265fbf255eab399980d2b021e385517" logic_hash = "a6e53e99f7500683d3b62a7630cecb53ee6c13b335cbf9912366675db964aefe" score = 75 
@@ -350816,8 +351318,8 @@ rule SIGNATURE_BASE_Gen_Unicorn_Obfuscated_Powershell : FILE date = "2018-04-03" modified = "2023-12-05" reference = "https://github.com/trustedsec/unicorn/" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/gen_unicorn_obfuscated_powershell.yar#L1-L26" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/gen_unicorn_obfuscated_powershell.yar#L1-L26" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" hash = "b93d2fe6a671a6a967f31d5b3a0a16d4f93abcaf25188a2bbdc0894087adb10d" logic_hash = "cb0044d5ee146213c96161d52880ce6c20d5884d57620c73f359673d4ae4b76b" score = 75 @@ -350844,8 +351346,8 @@ rule SIGNATURE_BASE_EXT_EXPL_ZTH_LNK_EXPLOIT_A : FILE date = "2025-03-18" modified = "2025-03-29" reference = "https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html" - source_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/yara/expl_lnk_zdi_can_25373.yar#L1-L23" - license_url = "https://github.com/Neo23x0/signature-base/blob/246b83ab6e030ba699da86296b851027328a9e98/LICENSE" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/expl_lnk_zdi_can_25373.yar#L1-L23" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" logic_hash = "b2c6a7f0abd62d3eef916352f984d1fcc721cfba4f5de9d159de8fd428c02b31" score = 75 quality = 85 
@@ -350864,6 +351366,57 @@ rule SIGNATURE_BASE_EXT_EXPL_ZTH_LNK_EXPLOIT_A : FILE condition: uint32( 0 ) == 0x4C and uint32( 4 ) == 0x21401 and any of ( $spoof_* ) } +rule SIGNATURE_BASE_MAL_JS_NPM_Supplychain_Attack_Sep25 : FILE +{ + meta: + description = "Detects obfuscated JavaScript in NPM packages used in supply chain crypto stealer attacks in September 2025" + author = "Florian Roth" + id = "71c66281-780d-5f02-9883-fda5f6b46636" + date = "2025-09-09" + modified = "2025-09-17" + reference = "https://www.linkedin.com/feed/update/urn:li:activity:7370889385992437760/" + source_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/yara/mal_npm_supply_chain_sep25.yar#L1-L18" + license_url = "https://github.com/Neo23x0/signature-base/blob/e1e4eeda2287ab19e4f674bafa0049e43f12605e/LICENSE" + logic_hash = "98d83d83e63bedeeb2a79acbccc9a738c0f2c93256817d87ed697cdec699c89f" + score = 85 + quality = 85 + tags = "FILE" + hash1 = "16f6c756bc8ce5ef5d9aa1ded0f811ec0c9cee3d8f85cc151b8ca1df7b8a4337" + + strings: + $x1 = "const _0x112fa8=_0x180f;(function(_0x13c8b9" ascii + $fp1 = "
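Review bot: in the SIGNATURE_BASE_Whosthere_Alt_Pth hunk the `#L116-L134` anchor in `source_url` is carried over unchanged while the pinned commit moves from `246b83ab…` to `e1e4eeda…`; the same hunk leaves `logic_hash` and `modified` untouched, so the rule body is presumably the same, but the upstream file may have been reordered or grown between the two commits. Confirm that every retained `#Lx-Ly` range still spans the named rule at `e1e4eeda…` before merging; the same check applies to each of the other pin-bump hunks in this patch (Whosthere, Crimsonrat_Mar18_1, CVE_2014_4076, the XOR_PE_And_MZ pair, the webshell and Hvs_APT37 rules, Gen_Unicorn_Obfuscated_Powershell and EXT_EXPL_ZTH_LNK_EXPLOIT_A), since a stale line range silently points reviewers at the wrong rule.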
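Review bot: `quality` jumps from 60 to 85 in the SIGNATURE_BASE_EXPL_CVE_2021_31166_Accept_Encoding_May21_1 hunk while `logic_hash` (`5bb5b409…`) and `modified = "2023-12-05"` stay the same, so nothing in the visible rule explains the higher grade. State in the commit message what drove the re-score (for example a change in how quality is computed rather than in the rule), or, if the rule was revised upstream, bump `modified` so the metadata stays consistent with the change.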
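Review bot: `quality` rises from 58 to 83 in the SIGNATURE_BASE_SUSP_Macos_Plist_Suspicious hunk with `logic_hash` (`52076ec1…`) and `modified = "2025-06-03"` unchanged, so the re-score has no visible justification in the rule body. Record the reason in the commit message (a scoring-method change or an upstream rule revision) so that the bump does not read as an unexplained edit to a rule whose `score = 60` already marks it as a lower-confidence heuristic.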
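Review bot: in the new SIGNATURE_BASE_MAL_JS_NPM_Supplychain_Attack_Sep25 rule, `$x1 = "const _0x112fa8=_0x180f;(function(_0x13c8b9" ascii` is an exact prefix of one obfuscator build, and the hex identifiers it relies on are build-specific, so the string will match only the sample listed as `hash1` and close variants; with `score = 85` resting on a single hash, either note that narrow coverage in `description` or add further sample hashes to the meta as they become available. The `reference` is a LinkedIn activity URL, which is not a durable citation for a detection rule; add a write-up that is likely to stay reachable. The hunk as shown is cut off at `$fp1 = "`, so the remaining strings and the `condition:` block are not visible in this excerpt and cannot be reviewed from it.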